Resubmissions

  • 10/07/2023, 09:44 UTC
    230710-lqyhlaaf2t 1
  • 10/07/2023, 09:30 UTC
    230710-lgwbwahf27 1
  • 10/07/2023, 08:51 UTC
    230710-kr6d6aac5x 8
  • 10/07/2023, 08:20 UTC
    230710-j8sc7ahc68 8

Analysis

  • max time kernel
    37s
  • max time network
    32s
  • platform
    macos_amd64
  • resource
    macos-20220504-en
  • resource tags
    arch:amd64, arch:i386, image:macos-20220504-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    10/07/2023, 09:30 UTC

General

  • Target

    https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056

Score
1/10

Malware Config

Signatures

Processes

  • /usr/sbin/spctl
    /usr/sbin/spctl --test-devid-status
    1⤵
      PID:502
    • /usr/bin/syslog
      /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
      1⤵
        PID:503
      • /bin/sh
        sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
        1⤵
          PID:505
        • /bin/bash
          sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
          1⤵
            PID:505
          • /bin/bash
            sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056\""
            1⤵
              PID:505
            • /usr/bin/sudo
              sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
              1⤵
                PID:505
              • /usr/bin/sudo
                sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
                1⤵
                  PID:505
                  • /bin/zsh
                    /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
                    2⤵
                      PID:508
                    • /bin/zsh
                      /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://sf-helper.net/dist/2023-06-08/SF-Helper.exe?vid=403&uid=c441b10ea578c4d2&t=1688971604692049056"
                      2⤵
                        PID:508

Network

  • flag-us
    DNS 13-courier.push.apple.com
    Remote address: 8.8.8.8:53
    Request: 13-courier.push.apple.com IN A
    Response:
    13-courier.push.apple.com IN CNAME 13.courier-push-apple.com.akadns.net
    13.courier-push-apple.com.akadns.net IN CNAME eu-nw-courier-4.push-apple.com.akadns.net
    eu-nw-courier-4.push-apple.com.akadns.net IN A 17.57.146.173, 17.57.146.175, 17.57.146.171, 17.57.146.170, 17.57.146.172, 17.57.146.162, 17.57.146.163, 17.57.146.174
  • flag-us
    DNS e673.dsce9.akamaiedge.net
    Remote address: 8.8.8.8:53
    Request: e673.dsce9.akamaiedge.net IN A
    Response: e673.dsce9.akamaiedge.net IN A 173.223.112.22
  • 2.16.118.172:443
    64 B; 1
  • 8.8.8.8:53 (13-courier.push.apple.com, dns)
    71 B; 290 B; 1; 1
    DNS Request: 13-courier.push.apple.com
    DNS Response: 17.57.146.173, 17.57.146.175, 17.57.146.171, 17.57.146.170, 17.57.146.172, 17.57.146.162, 17.57.146.163, 17.57.146.174
  • 8.8.8.8:53 (e673.dsce9.akamaiedge.net, dns)
    71 B; 87 B; 1; 1
    DNS Request: e673.dsce9.akamaiedge.net
    DNS Response: 173.223.112.22

MITRE ATT&CK Matrix


Downloads
