3951530c06c2bb2accad1ff40ce847757a11cea869ccfa1f5f28abbe0b9d2422

Analysis

max time kernel
65s
max time network
66s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
11/05/2023, 19:37

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Cherry-Mountains-install.exe
Size

35.2MB
MD5

731c2b80bc8c619458004234f15e9f2e
SHA1

db178553f94783775e708c5c055480c20fa8eca0
SHA256

3951530c06c2bb2accad1ff40ce847757a11cea869ccfa1f5f28abbe0b9d2422
SHA512

9d954760e38f8aeb77fc313f8090c2bbb89397349bae127b9f8a1d0868ba0b3d588b85af95a9e5df1035c2984b8c8151dbdc45f0770b769885fa768a2c5abd66
SSDEEP

786432:l/tbnM1X1PTjOo/lXJUlU3R7PJgtO4m9/0As1r4CMEv456hOqOS:N1U1PvOo9XJUS7BSO4m9/0N1rrDyEB

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Cherry-Mountains-install.exe\""
1⤵
PID:495

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Cherry-Mountains-install.exe\""
1⤵
PID:495

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Cherry-Mountains-install.exe\""
1⤵
PID:495

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Cherry-Mountains-install.exe
1⤵
PID:495

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Cherry-Mountains-install.exe
1⤵
PID:495
- /bin/zsh
  /bin/zsh -c /Users/run/Cherry-Mountains-install.exe
  2⤵
  PID:509
- /bin/zsh
  /bin/zsh -c /Users/run/Cherry-Mountains-install.exe
  2⤵
  PID:509
- /Users/run/Cherry-Mountains-install.exe
  /Users/run/Cherry-Mountains-install.exe
  2⤵
  PID:509
- /Users/run/Cherry-Mountains-install.exe
  /Users/run/Cherry-Mountains-install.exe
  2⤵
  PID:509

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:508

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:510

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:523

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:532

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:529

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:532

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:534

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:534

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 524
1⤵
PID:535

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:535

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:539

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 539
1⤵
PID:540

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:540

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:542

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:543

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:544

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:545

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:548

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.preference.desktopscreeneffect.desktop.remoteservice 539
1⤵
PID:549

/System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane/Contents/XPCServices/com.apple.preference.desktopscreeneffect.desktop.remoteservice.xpc/Contents/MacOS/com.apple.preference.desktopscreeneffect.desktop.remoteservice
/System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane/Contents/XPCServices/com.apple.preference.desktopscreeneffect.desktop.remoteservice.xpc/Contents/MacOS/com.apple.preference.desktopscreeneffect.desktop.remoteservice
1⤵
PID:549

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 549
1⤵
PID:552

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:552

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:553

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:554

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:560

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:560

/usr/libexec/xpcproxy
xpcproxy com.apple.PackageKit.InstallStatus
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.warmd_agent
1⤵
PID:564

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"
1⤵
PID:563

/usr/libexec/warmd_agent
/usr/libexec/warmd_agent
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.security.keychain-circle-notification
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.ViewBridgeAuxiliary
1⤵
PID:567

/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification
"/System/Library/CoreServices/Keychain Circle Notification.app/Contents/MacOS/Keychain Circle Notification"
1⤵
PID:565

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:566

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.sessionlogoutd
1⤵
PID:568

/System/Library/CoreServices/sessionlogoutd
/System/Library/CoreServices/sessionlogoutd
1⤵
PID:568

/sbin/shutdown
/sbin/shutdown -h now
1⤵
PID:0
- /bin/sh
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:570
- /bin/bash
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:570
- /bin/bash
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:570
- /usr/bin/wall
  /usr/bin/wall -n
  2⤵
  PID:570
- /usr/bin/wall
  /usr/bin/wall -n
  2⤵
  PID:570
- /System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose
  iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin
  2⤵
  PID:0
- - /usr/sbin/spindump
    spindump -shutdownstall 2 -timelimit 5
    3⤵
    PID:572
- - /bin/sh
    sh -c /usr/sbin/kextstat
    3⤵
    PID:573
- - /bin/bash
    sh -c /usr/sbin/kextstat
    3⤵
    PID:573
- - /bin/bash
    sh -c /usr/sbin/kextstat
    3⤵
    PID:573
- - /usr/sbin/kextstat
    /usr/sbin/kextstat
    3⤵
    PID:573
- - /usr/sbin/kextstat
    /usr/sbin/kextstat
    3⤵
    PID:573
- - /bin/bash
    bash /private/var/install/shutdown_installer_tasks
    3⤵
    PID:574
- - /bin/bash
    bash /private/var/install/deferred_install
    3⤵
    PID:575

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Logs/DiagnosticReports/shutdown_stall_2023-05-11-213804_tests-iMac.shutdownStall

Filesize
171KB

MD5
389aae5299df89dbf0d44a7bb8808bd8

SHA1
b502e5329b35964a4b373f6042bd7f08524ee2cc

SHA256
262297cb1db29fc97d9c655bba73d3d1243b1df2005f1276ca4847003aa5600f

SHA512
dc66ac60ca9f86f502282ef70b5105237826622578c1701031de0ddb07f98fed2c319443a68cde8eb75b18da2c3666c46ec94aed70b07cf964c4ecb14e855402

Download Submit
/Users/run/Library/Caches/.dat.nosync021b.LdzHYu

Filesize
294KB

MD5
54a6415f0ccd912e6ef418df31566b14

SHA1
4b00b5adc45cf789c2d3464c184c1f782a73b2dd

SHA256
5703d526d31fb16982bafaab18e698b2bc9c10f5bdb690ad216ea0e09db16633

SHA512
0672d0c9a787f76fedb254202c669cb0553a9f7f99ba9b2e2511005d883a308db5850822fefc4b4dde4e24b0337aae5b215a34c9bb1fa7a0934199fce86613af

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.studentd/TemporaryItems/(A Document Being Saved By studentd)/isConnected

Filesize
9B

MD5
2ec0d16e4ca169baedb9b2d50ec5c6d7

SHA1
c2f9b7b4897f03f94abf92294c9ca46fea62360b

SHA256
22965568d22a14ee17af055d2870b50afcfe9fd94a83eec3196e266932297bb2

SHA512
22f8e80d23c6110fb42017d8f48db768acb5ed4c1a9153bdfc50f8fb0561dd4dc9267efcb9b88bf772200d7fb46c4c19bd86aec41432c12b52ba286729339334

Download Submit
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/spindump.txt

Filesize
132KB

MD5
d92f5f46910e8cb19bc254a2d491931d

SHA1
b5511b1e7326a94f00efb05cf2487f96a3ffa1a2

SHA256
da2a458ddd0d7a0d870274004d4fe9b12529549e7b2f60029bc91dafc2a2335a

SHA512
a50b4cb3a2f2496e24a9bd1b20fd8694fead63d52909ae6ffaadabfd098e1cfd90ea696387713eb14a627056ab15cd2be855c8625254de44af249603c47c07e5

Download Submit
/private/var/run/utmpx

Filesize
3KB

MD5
ae8392d5465a5d8ff16fa8ea045e1155

SHA1
a39975496d35a3a7615929ac73cd6d17047bda94

SHA256
35e80aba5201031b81c1215a7c783be8763794605a332ee4c0d347c816234d8c

SHA512
82c76115a0d446c0f974347a9903993eab342f8e5756037eb74e4a4c886d3386b66e5bffc7287e145e1b7260b54d60e8e34ed4b38ff83182e914c5a33bf96ff1

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads