e57cdcd7e58d404aa88fce78a151259799af58b1cad3fd32e7655e8433758a59

Analysis

max time kernel
1720s
max time network
1776s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
13-02-2023 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Arc-latest.dmg
Size

302.2MB
MD5

93105e77ee6f3b95475c1e6f4f8acca2
SHA1

23f64472f2599b76a12c3618f1666ff2641d9cd3
SHA256

e57cdcd7e58d404aa88fce78a151259799af58b1cad3fd32e7655e8433758a59
SHA512

cb633d1454cf5686b4e028325083f60de8cd90b07eae8d828f4d8587bd6f0a9d5a220d719a7af5c32d9aca2f2c4c4cb977760cea99832c3bdd2ec03ee3806a62
SSDEEP

6291456:f8lEGhFvbAiLwp8F0i/OhwRCEviurCGLrvqBY6RhCHpcWDdRuf/73Qyh:0CaDAi4i/Osd6QLzqBY6RUX6jgy

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"open /Volumes/Arc/Arc.app\""
1⤵
PID:530

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/Arc/Arc.app\""
1⤵
PID:530

/bin/bash
sh -c "sudo /bin/zsh -c \"open /Volumes/Arc/Arc.app\""
1⤵
PID:530

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/Arc/Arc.app"
1⤵
PID:530

/usr/bin/sudo
sudo /bin/zsh -c "open /Volumes/Arc/Arc.app"
1⤵
PID:530
- /bin/zsh
  /bin/zsh -c "open /Volumes/Arc/Arc.app"
  2⤵
  PID:531
- /bin/zsh
  /bin/zsh -c "open /Volumes/Arc/Arc.app"
  2⤵
  PID:531
- /usr/bin/open
  open /Volumes/Arc/Arc.app
  2⤵
  PID:531
- /usr/bin/open
  open /Volumes/Arc/Arc.app
  2⤵
  PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:542

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:542

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:543

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:543

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:544

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.DesktopServicesHelper.C8F5902F-48DB-461F-B5AB-CDE0D4BF2FF2
1⤵
PID:559

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy com.apple.DesktopServicesHelper.5A58A83D-FD73-461A-AFFC-99D46D9E8508
1⤵
PID:564

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:572

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:575

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:575

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:574

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:572

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:568

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 565
1⤵
PID:577

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:580

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:585

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.newsyslog
1⤵
PID:590

/usr/sbin/newsyslog
/usr/sbin/newsyslog
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.parsec-fbf
1⤵
PID:594

/System/Library/PrivateFrameworks/CoreParsec.framework/parsec-fbf
/System/Library/PrivateFrameworks/CoreParsec.framework/parsec-fbf
1⤵
PID:594

/usr/libexec/xpcproxy
xpcproxy com.apple.bsd.dirhelper
1⤵
PID:595

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:616

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:616

/usr/libexec/xpcproxy
xpcproxy com.apple.gkreport
1⤵
PID:618

/usr/libexec/gkreport
/usr/libexec/gkreport
1⤵
PID:618
- /usr/sbin/spctl
  /usr/sbin/spctl --status
  2⤵
  PID:619
- /usr/sbin/spctl
  /usr/sbin/spctl --test-devid-status
  2⤵
  PID:620
- /usr/bin/syslog
  /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
  2⤵
  PID:621

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads