1af9c152e70466c1e5c501808e2f836bc6f1121567d8493ca95f4ed2de7aeb95

Resubmissions

04/05/2023, 13:40

230504-qymtaaee4t 3

04/05/2023, 13:23

230504-qmsv6aed6t 1

Analysis

max time kernel
29s
max time network
28s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
04/05/2023, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download - 2023-05-02T122403.690.jpg
Size

8KB
MD5

dffa55f5e8bbd052dd4d0c371b69c3e3
SHA1

8298da424a8f9d9ee9f4957caddee146ea4c7f45
SHA256

1af9c152e70466c1e5c501808e2f836bc6f1121567d8493ca95f4ed2de7aeb95
SHA512

0da149201a925919336163d387157a00cbe2992cc6685b4b6731c89893234992661033e0e627890a9d7b755bef931e4e0233100a98ae13903f2128066d22a7b8
SSDEEP

192:luNs2r9h88h6Bnilz/ApE8xcbBNA+acabmInqhaqoZusQaIrRUiauXe9:4NBdh6N6/ApzxcLAjfqboZnIBzM

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/download - 2023-05-02T122403.690.jpg\""
1⤵
PID:489

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/download - 2023-05-02T122403.690.jpg\""
1⤵
PID:489

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/download - 2023-05-02T122403.690.jpg\""
1⤵
PID:489

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/download - 2023-05-02T122403.690.jpg"
1⤵
PID:489

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/download - 2023-05-02T122403.690.jpg"
1⤵
PID:489
- /bin/zsh
  /bin/zsh -c "/Users/run/download - 2023-05-02T122403.690.jpg"
  2⤵
  PID:491
- /bin/zsh
  /bin/zsh -c "/Users/run/download - 2023-05-02T122403.690.jpg"
  2⤵
  PID:491
- /Users/run/download
  /Users/run/download - 2023-05-02T122403.690.jpg
  2⤵
  PID:491
- /Users/run/download
  /Users/run/download - 2023-05-02T122403.690.jpg
  2⤵
  PID:491

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:488

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:490

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:492

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:520

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:520

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:521

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:522

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.773A6BFD-589C-49B5-8D64-D4931742B853 521
1⤵
PID:523

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:528

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.006B5E26-E2FD-4AE8-B00B-13661829D0B6 521
1⤵
PID:529

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:529

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/AutoFillQuirks.plist

Filesize
52KB

MD5
66c58114c4d62b5b272454c3a7007747

SHA1
a788e3eba776db4f9d27f50e6c705d2de42c83e0

SHA256
60cc77176e244cb4c21160d65724f08e713893348274a222739234c294bf594b

SHA512
9558dab8733762b379a1da6db745ef3c98bdcc6383b14b7b0667001fbebaee16f678d77cfa8b29665b5a74d12c0788cdea6ab2ba23febc67945e0dcc01454cc5

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist

Filesize
1012B

MD5
0c29425555c7ff0ca114b1fd0dc39c50

SHA1
d7d808e8be92462f4c3ceba66734f0e9bb26acdd

SHA256
52826afeec974bb7bacb85bdc01dc4f23bf917d65e04773d7cad393f7866f3fd

SHA512
d9c8364a85f4b4a96caac1409f32f9d6b2f8ae19201e0abd2d449a3eedadd471e99e44bc92deb5d8fb60287da64a88e61b45f759e7b9a383a9bbe5f5fd242f95

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist

Filesize
2KB

MD5
99707b6e8b1daa434de2a176a458f85c

SHA1
96324f62483dd7ac8683d1850d694bb900eb3419

SHA256
f282d8a52bfdcd208792a47c074e59a1e16d627d53094e11fc73e595aec7ddad

SHA512
e8018018f91a5ce5c418f5c6445dc11a44b40aa6f619958d496b18507b3fe309415bf9ab293e9c7c0b3e4ba109213d0216d39c0304a7bc3cce301db0a729430c

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist

Filesize
76B

MD5
cdc65b5f112547eafae0f16f9c149426

SHA1
aeaf9908a5b6ff3e2f7b738abf5fe9e79108ba01

SHA256
1c6d085d871a855ce4a3902bab4b9b92631b8ee8f0b7f6536768a2aaf427b45c

SHA512
e8b0e4ce6a760a718a19976d3cfe9063f04fb4bf179947aeca84e94c83f21459fb9dc0ffabea8f633bd2d0ba94fe1e15d8c97e9604fde8bd0dea961eb83bddb7

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads