Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The submitted URL http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected] was analyzed and found to exhibit no (potentially) malicious behavior.
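The submitted URL is a tracking redirector: the `url=` query parameter carries a second host (spiceloans.com) that the browser is meant to be forwarded to after the analytics hit. When reading a verdict on a URL like this, the host that matters is the embedded one, so it is worth pulling it out and checking whether the sandbox capture ever named it. The following Python is an added example and is not part of the sandbox report or its tooling; the redirect-parameter list and the transcription of the Network section are this example's own constructed inputs, and the `[email protected]` token is kept exactly as the report prints it.

```python
"""Extract the landing page hidden in a tracking-redirector URL and check
whether the sandbox capture ever named it.

Added example, not part of the sandbox report. REDIRECT_PARAMS and the
NETWORK_ROWS transcription are this example's own assumptions."""
from urllib.parse import parse_qs, unquote, urlsplit

# Query keys that redirectors commonly use for the next hop.
# Assumption: a starter list; extend it for the trackers you encounter.
REDIRECT_PARAMS = ("url", "u", "redirect", "redirect_url", "r", "target", "next", "dest")

# The URL from the verdict line above, copied verbatim (the "[email protected]"
# token is kept exactly as the report prints it).
SUBMITTED_URL = (
    "http://analytics.supplyframe.com/trackingservlet/track?action=deepDive"
    "&value1=156657709&value2=2039&zone=SF_Syndication_2"
    "&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"
)

# The report's Network section, transcribed as constructed input:
# (country, destination, domain, proto). Rows with an empty domain are
# TCP connections the report did not tie to a name.
NETWORK_ROWS = [
    ("US", "20.189.173.1:443", "", "tcp"),
    ("US", "23.46.71.26:443", "", "tcp"),
    ("US", "23.46.71.26:443", "", "tcp"),
    ("US", "23.46.71.26:443", "", "tcp"),
    ("US", "8.8.8.8:53", "39.courier-push-apple.com.akadns.net", "udp"),
    ("US", "8.8.8.8:53", "49.courier-push-apple.com.akadns.net", "udp"),
    ("US", "8.8.8.8:53", "16.courier-push-apple.com.akadns.net", "udp"),
]


def _next_hop(query):
    """Return the first redirect-style parameter value in `query`, normalised
    to an absolute URL so its host can be parsed, or None if there is none."""
    params = parse_qs(query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        values = params.get(name)
        if values and values[0]:
            hop = unquote(values[0])
            if hop.startswith("//"):        # protocol-relative hop
                hop = "http:" + hop
            elif "://" not in hop:          # bare "host/path" hop
                hop = "http://" + hop
            return hop
    return None


def redirect_chain(url, max_depth=5):
    """Hosts visited by following embedded redirect parameters: the host of
    `url` first, then each nested target (deepest last). Stops on a missing
    host, a loop, or after `max_depth` hops."""
    chain, seen = [], set()
    while url and len(chain) < max_depth:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host or host in seen:
            break
        chain.append(host)
        seen.add(host)
        url = _next_hop(parts.query)
    return chain


def hosts_named_in_capture(hosts, rows):
    """Map each host to True if the report's domain column contains it or a
    subdomain of it. IP-only rows carry no name and therefore never match."""
    resolved = {row[2].lower() for row in rows if row[2]}
    return {
        h: any(d == h or d.endswith("." + h) for d in resolved)
        for h in hosts
    }


def landing_page_coverage(url=SUBMITTED_URL, rows=NETWORK_ROWS):
    """Redirect chain of `url` plus the hosts in it that the capture never
    named, i.e. hosts the verdict says nothing about by name."""
    chain = redirect_chain(url)
    named = hosts_named_in_capture(chain, rows)
    return {"chain": chain, "unnamed": [h for h in chain if not named[h]]}


if __name__ == "__main__":
    print(landing_page_coverage())
```

For this report the chain is analytics.supplyframe.com followed by wmjee-walgreens.spiceloans.com, and the Network section's domain column names neither of them (the only resolved names are Apple push-notification hosts, and the two tcp destinations carry no domain). The verdict therefore documents a 13 to 14 second browser session in which the landing page was never identified by name; it is not evidence about spiceloans.com itself, which would need its own submission.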
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-09-13 19:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-13 19:36
Reported
2023-09-13 19:36
Platform
macos-20230831-en
Max time kernel
13s
Max time network
14s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --new-window http://analytics.supplyframe.com/trackingservlet/track?action=deepDive&value1=156657709&value2=2039&zone=SF_Syndication_2&url=http://WMJEE-Walgreens.spiceloans.com/[email protected]]
/usr/sbin/spctl
[/usr/sbin/spctl --test-devid-status]
/usr/bin/syslog
[/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature assessments enabled com.apple.message.signature2 devid enabled Message Gatekeeper state assessments enabled/devid enabled]
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.1:443 | | tcp |
| US | 23.46.71.26:443 | | tcp |
| US | 23.46.71.26:443 | | tcp |
| US | 23.46.71.26:443 | | tcp |
| US | 8.8.8.8:53 | 39.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |