Analysis

  • max time kernel
    3s
  • max time network
    6s
  • platform
    macos-10.15_amd64
  • resource
    macos-20230831-en
  • resource tags

    arch:amd64 arch:i386 image:macos-20230831-en kernel:19b77a locale:en-us os:macos-10.15-amd64 system
  • submitted
    14/09/2023, 09:11

General

  • Target

    http://oweoumoughtcal.com/

Score
1/10 — no signatures fired and the Network section is empty, so nothing was observed rather than the target being shown benign. Every recorded process is the sandbox's own launch chain (`sh` → `sudo` → `zsh` → Chrome, i.e. Chrome running as root with its profile under /var/root) plus Chrome's helpers, Crashpad reporter, Keystone (`ksinstall`) installer, a Gatekeeper status check (`spctl --test-devid-status`) and an MDM enrollment query (`profiles status -type enrollment`). With a 6 s network budget the target URL may never have been fetched; re-run with a longer timeout and as an unprivileged user before drawing conclusions.

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window http://oweoumoughtcal.com/\""
    1⤵
      PID:530
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window http://oweoumoughtcal.com/\""
      1⤵
        PID:530
      • /bin/bash
        sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window http://oweoumoughtcal.com/\""
        1⤵
          PID:530
        • /usr/bin/sudo
          sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window http://oweoumoughtcal.com/"
          1⤵
            PID:530
          • /usr/bin/sudo
            sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window http://oweoumoughtcal.com/"
            1⤵
              PID:530
              • /bin/zsh
                /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window http://oweoumoughtcal.com/"
                2⤵
                  PID:531
                • /bin/zsh
                  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window http://oweoumoughtcal.com/"
                  2⤵
                    PID:531
                  • /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
                    "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --new-window http://oweoumoughtcal.com/
                    2⤵
                      PID:531
                    • /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
                      "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --new-window http://oweoumoughtcal.com/
                      2⤵
                        PID:531
                    • /usr/sbin/spctl
                      /usr/sbin/spctl --test-devid-status
                      1⤵
                        PID:532
                      • /usr/bin/syslog
                        /usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
                        1⤵
                          PID:533
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.GameController.gamecontrollerd
                          1⤵
                            PID:536
                          • /usr/libexec/gamecontrollerd
                            /usr/libexec/gamecontrollerd
                            1⤵
                              PID:536
                            • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
                              "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/var/root/Library/Application Support/Google/Chrome/Crashpad" "--metrics-dir=/var/root/Library/Application Support/Google/Chrome" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"
                              1⤵
                                PID:538
                              • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
                                "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/var/root/Library/Application Support/Google/Chrome/Crashpad" "--metrics-dir=/var/root/Library/Application Support/Google/Chrome" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"
                                1⤵
                                  PID:538
                                • /usr/bin/profiles
                                  /usr/bin/profiles status -type enrollment
                                  1⤵
                                    PID:541
                                  • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
                                    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
                                    1⤵
                                      PID:543
                                    • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
                                      "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome
                                      1⤵
                                        PID:545
                                      • /usr/bin/tar
                                        /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
                                        1⤵
                                          PID:546
                                        • /usr/libexec/xpcproxy
                                          xpcproxy com.apple.sandboxd
                                          1⤵
                                            PID:547
                                          • /usr/libexec/sandboxd
                                            /usr/libexec/sandboxd
                                            1⤵
                                              PID:547
                                            • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
                                              "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAA
ACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,6172050731959207114,10357362123444468639,131072" "--seatbelt-client=21"
                                              1⤵
                                                PID:548
                                              • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
                                                "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6172050731959207114,10357362123444468639,131072" "--seatbelt-client=21"
                                                1⤵
                                                  PID:549
                                                • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
                                                  "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6172050731959207114,10357362123444468639,131072" "--seatbelt-client=28"
                                                  1⤵
                                                    PID:550
                                                  • /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
                                                    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui "--metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7" --shared-files "--field-trial-handle=1718379636,r,6172050731959207114,10357362123444468639,131072"
                                                    1⤵
                                                      PID:551

                                                    Network

                                                          MITRE ATT&CK Matrix


                                                          Downloads (files written during the run — every entry below is a Chrome profile/Crashpad file or the sandboxd database; none appears to be content retrieved from the target URL)

                                                          • /private/var/db/Sandbox/syncroots.db

                                                            Filesize

                                                            431B

                                                            MD5

                                                            e4946ad9e7a4fc02dfc2ef1ae0e17cf2

                                                            SHA1

                                                            add1ccc54e63d497c26a1a9956443c6a1bdf8b9f

                                                            SHA256

                                                            3c830812eb8dfacbc699dac1c177c1d1ef2f52c86a202bdc669514c8dbf2b1a8

                                                            SHA512

                                                            77f06e92dd2eaed59cc043dbd2b97bd82a06e360e284abc9a7499ecc736f65fb17e58c1897506ad2ec9605bf49f0de41ca49ce314a618e852006dfe2f0a9aab9

                                                          • /private/var/root/Library/Application Support/Google/Chrome/Consent To Send Stats

                                                            Filesize

                                                            36B

                                                            MD5

                                                            9c77a8e95ea431b02675e8e73509b1cf

                                                            SHA1

                                                            ac544d9ae40a74c541d3b00567e0c45a2eef76c7

                                                            SHA256

                                                            cb292ef31bec9d1dcd7d2e23a4a025377e8f7c396c06436e85663f91cde17426

                                                            SHA512

                                                            3ee05e92cf95728e37defffd6651114e647a0127e02f5c66ca0f63c632e30d467b947a65ece593ce646d5302177bd0e68ab8fb03f5a0655f28b69f6cfbdd5c5f

                                                          • /private/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

                                                            Filesize

                                                            40B

                                                            MD5

                                                            c6db1caaee0095f017c09113d53ed054

                                                            SHA1

                                                            cc37e2b3948325a0eeb51080f45b17ebf52a7035

                                                            SHA256

                                                            ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476

                                                            SHA512

                                                            3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

                                                          • /private/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

                                                            Filesize

                                                            40B

                                                            MD5

                                                            c6db1caaee0095f017c09113d53ed054

                                                            SHA1

                                                            cc37e2b3948325a0eeb51080f45b17ebf52a7035

                                                            SHA256

                                                            ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476

                                                            SHA512

                                                            3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

                                                          • /private/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

                                                            Filesize

                                                            312B

                                                            MD5

                                                            5c4e7ade5753ab7de2c42c04111fa42e

                                                            SHA1

                                                            fb577b8c07d9617f507a3f2950df0a6dcfebe4e2

                                                            SHA256

                                                            d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82

                                                            SHA512

                                                            7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

                                                          • /private/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

                                                            Filesize

                                                            136B

                                                            MD5

                                                            fe382e791274914bee5950777e4f1fd3

                                                            SHA1

                                                            53b523b5fc87e66f2520a0b5f9ea080072668f4d

                                                            SHA256

                                                            935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

                                                            SHA512

                                                            a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

                                                          • /private/var/root/Library/Application Support/Google/Chrome/Last Version

                                                            Filesize

                                                            13B

                                                            MD5

                                                            5556036375d761594a04f9592d671dcb

                                                            SHA1

                                                            0c685676ddb5a619b76ab1985ff2831da27cc731

                                                            SHA256

                                                            5bcf4ed772f1dff978779b3625f83c3b4715d7dcbe080aaa2cb69467468cc0b9

                                                            SHA512

                                                            fa8d3c02ea03602eab3e63bea2f38e78b087617b568605f43738afd17cfb5089e17cb4c496f30467b663a87de7d83ed443ee6999aaf7858c4b5925c4a9d5d70c