Malware Analysis Report

2025-08-11 02:52

Sample ID 230913-ya81lsee2z
Target http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

Threat Level: No (potentially) malicious behavior was detected

The file http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected] was analyzed; no (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-09-13 19:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-13 19:36

Reported

2023-09-13 19:36

Platform

macos-20230831-en

Max time kernel

13s

Max time network

14s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]

/usr/sbin/spctl

[/usr/sbin/spctl --test-devid-status]

/usr/bin/syslog

[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]

Network

Country  Destination       Domain                                Proto
US       20.189.173.1:443                                        tcp
US       23.46.71.26:443                                         tcp
US       23.46.71.26:443                                         tcp
US       23.46.71.26:443                                         tcp
US       8.8.8.8:53        39.courier-push-apple.com.akadns.net  udp
US       8.8.8.8:53        49.courier-push-apple.com.akadns.net  udp
US       8.8.8.8:53        16.courier-push-apple.com.akadns.net  udp

Files

N/A