27052339536a08543f16b5fa0deb4ce554a70b697b27ee0143302d7e6ec4fe2f

Resubmissions

16/05/2023, 23:26

230516-3e3rlscb3s 1

16/05/2023, 23:26

16/05/2023, 23:18

16/05/2023, 23:15

16/05/2023, 23:13

16/05/2023, 23:10

Analysis

max time kernel
36s
max time network
34s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
16/05/2023, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bee movie script
Size

48KB
MD5

82efebf8c7b591240c3fc56307a121a2
SHA1

93ae3d6436613af8a6957db81e1701fbc50de7a8
SHA256

27052339536a08543f16b5fa0deb4ce554a70b697b27ee0143302d7e6ec4fe2f
SHA512

26a776d2c6bbf6c401c0970a04ef7ec83ca3931c2a74e6b19d0d8bb1e84276b5a1c37d0fe00bf0022568e9ad311adffced95dbc50b0c0b0aa6e16a9bde891066
SSDEEP

1536:ijaPW66ps+TjnDPZJ8Gr6JFDhCrXWqfuz0m/+7:imPEs+TjnVJ8hDh6X/2zn+7

Score

1^/10

Malware Config

Signatures

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:503

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/bee movie script\""
1⤵
PID:504

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/bee movie script\""
1⤵
PID:504

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/bee movie script\""
1⤵
PID:504

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/bee movie script"
1⤵
PID:504

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/bee movie script"
1⤵
PID:504
- /bin/zsh
  /bin/zsh -c "/Users/run/bee movie script"
  2⤵
  PID:506
- /bin/zsh
  /bin/zsh -c "/Users/run/bee movie script"
  2⤵
  PID:506
- /Users/run/bee
  /Users/run/bee movie script
  2⤵
  PID:506
- /Users/run/bee
  /Users/run/bee movie script
  2⤵
  PID:506

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:519

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:519

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 519
1⤵
PID:520

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:520

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:522

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:523

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:524

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:525

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:528

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.preference.screentime.remoteservice 519
1⤵
PID:529

/System/Library/PreferencePanes/ScreenTime.prefPane/Contents/XPCServices/com.apple.preference.screentime.remoteservice.xpc/Contents/MacOS/com.apple.preference.screentime.remoteservice
/System/Library/PreferencePanes/ScreenTime.prefPane/Contents/XPCServices/com.apple.preference.screentime.remoteservice.xpc/Contents/MacOS/com.apple.preference.screentime.remoteservice
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.colorsync.useragent
1⤵
PID:531

/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
/System/Library/Frameworks/ColorSync.framework/Support/colorsync.useragent
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:536

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:538

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:538

/usr/libexec/xpcproxy
xpcproxy com.apple.preferences.users.remoteservice 519
1⤵
PID:539

/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice
1⤵
PID:539

/usr/libexec/xpcproxy
xpcproxy com.apple.localAuthenticationRemoteService 539
1⤵
PID:540

/System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XPCServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticationRemoteService
/System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XPCServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticationRemoteService
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.security.authhost.00000000-0000-0000-0000-0000000186A6
1⤵
PID:541

/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost
1⤵
PID:541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/.dat.nosync0207.dlncWS

Filesize
288KB

MD5
ec5b46478ef178277eb04cd1616e5b65

SHA1
cfc6b25172842c71a37153af404ecf1c4809f9bf

SHA256
d9f31b8fcbcdee17184dc928489934b81e1541e20ec1c53c332d096046b9ac64

SHA512
3f7af69355e59e8326e471e057d2e879d33753c7b042bf20f67aa8b78101b50bb1d3036505b5d0d17291d553491a6bc3aed7c67e51ef02fb17b9b7f54baff740

Download Submit
/Users/run/Library/Saved Application State/com.apple.systempreferences.savedState/data.data

Filesize
1KB

MD5
2d59697f24ff1d0344b3e25e9678b0dd

SHA1
0bf26826dfe74bfb33a0e4125faf8be16b66f417

SHA256
538bf76866e142ab992c949e7542c35d70df5ba517bc26e52a91a9ac83269992

SHA512
d161b86797b537eeac4333de18ae8169c86624e854a8bbb8bdc4262942f184e3ea7a3b8e9377670f37fc9012a5e052cdc568b376b9bac7a29a02d6c0f29c58b2

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.colorsync.profiles.502

Filesize
21KB

MD5
b8ce9d32c81882543f866e82df26e557

SHA1
5632583646de0ee5cc84600cda97794404c79c05

SHA256
ed48f46412b48e4d54ecfc48c8c8449f2f5578667a5a11c42e57039bd511a32c

SHA512
70f741bd3c2d15d3ab17079ec94ea9e5aad6d17d331915605876afe59c703f050daf201b9bbce593bd136195ab275bf001b1561e9422d78710a5ed96bf81decb

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.colorsync.profiles.502

Filesize
21KB

MD5
b8ce9d32c81882543f866e82df26e557

SHA1
5632583646de0ee5cc84600cda97794404c79c05

SHA256
ed48f46412b48e4d54ecfc48c8c8449f2f5578667a5a11c42e57039bd511a32c

SHA512
70f741bd3c2d15d3ab17079ec94ea9e5aad6d17d331915605876afe59c703f050daf201b9bbce593bd136195ab275bf001b1561e9422d78710a5ed96bf81decb

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.studentd/TemporaryItems/(A Document Being Saved By studentd)/isConnected

Filesize
9B

MD5
2ec0d16e4ca169baedb9b2d50ec5c6d7

SHA1
c2f9b7b4897f03f94abf92294c9ca46fea62360b

SHA256
22965568d22a14ee17af055d2870b50afcfe9fd94a83eec3196e266932297bb2

SHA512
22f8e80d23c6110fb42017d8f48db768acb5ed4c1a9153bdfc50f8fb0561dd4dc9267efcb9b88bf772200d7fb46c4c19bd86aec41432c12b52ba286729339334

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads