58a5177dd04daf84d6794e32f3ae73b418b2d0bce5d296496302715446c21143

Analysis

max time kernel
357s
max time network
1803s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
23/08/2023, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

portablemc-4.0.1/portablemc/fabric.py
Size

5KB
MD5

3ee1370acdcf43ef00ed754d6c9ca352
SHA1

c3742872ebf3355f9453abf8d50e28d1b7e62213
SHA256

1eff91ddc9a8f1122f5a4a86e709129efc30d614a20483526c58571db809494e
SHA512

f7eca0b3f431fa0ee86ee3a9589828c0f793127dabc90a39f2c7c33e2e3f7349b18d88ba4191259b17fb7a45046f31e0a65b9078245a789f5c39691d8ed8bc0f
SSDEEP

96:nwJ8eYKEoyUHIfrIkBtCsztCa2RXxvGbIm7+EYArIka:nJJFoDf9E+x/

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/portablemc-4.0.1/portablemc/fabric.py\""
1⤵
PID:490

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/portablemc-4.0.1/portablemc/fabric.py\""
1⤵
PID:490

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/portablemc-4.0.1/portablemc/fabric.py\""
1⤵
PID:490

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/portablemc-4.0.1/portablemc/fabric.py
1⤵
PID:490

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/portablemc-4.0.1/portablemc/fabric.py
1⤵
PID:490
- /bin/zsh
  /bin/zsh -c /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- /bin/zsh
  /bin/zsh -c /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- /Users/run/portablemc-4.0.1/portablemc/fabric.py
  /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- /Users/run/portablemc-4.0.1/portablemc/fabric.py
  /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- /bin/sh
  sh /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- /bin/sh
  sh /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- /bin/bash
  sh /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- /bin/bash
  sh /Users/run/portablemc-4.0.1/portablemc/fabric.py
  2⤵
  PID:493
- - Definition of tasks for installing and running Fabric/Quilt mod loader.
    "Definition of tasks for installing and running Fabric/Quilt mod loader. "
    3⤵
    PID:494
- - Definition of tasks for installing and running Fabric/Quilt mod loader.
    "Definition of tasks for installing and running Fabric/Quilt mod loader. "
    3⤵
    PID:494
- - /usr/bin/from
    from .standard import "Context," "VersionHandle," "Version," "Watcher," VersionNotFoundError
    3⤵
    PID:495
- - /usr/bin/from
    from .standard import "Context," "VersionHandle," "Version," "Watcher," VersionNotFoundError
    3⤵
    PID:495
- - /usr/bin/from
    from .http import "http_request," HttpError
    3⤵
    PID:496
- - /usr/bin/from
    from .http import "http_request," HttpError
    3⤵
    PID:496
- - /usr/bin/from
    from typing import "Optional," "Any," Iterator
    3⤵
    PID:497
- - /usr/bin/from
    from typing import "Optional," "Any," Iterator
    3⤵
    PID:497

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:491

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:492

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:525

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:554

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:555

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:555

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads