hxxps://download167[.]uploadhaven[.]com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS[.]zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull[.]Island[.]Rise[.]of[.]Kong[.]zip

Analysis

max time kernel
186s
max time network
203s
platform
macos_amd64
resource
macos-20220504-en
resource tags

arch:amd64arch:i386image:macos-20220504-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
19/10/2023, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip

Score

1^/10

Malware Config

Signatures

/usr/sbin/spctl
/usr/sbin/spctl --status
1⤵
PID:501

/usr/sbin/spctl
/usr/sbin/spctl --test-devid-status
1⤵
PID:505

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip\""
1⤵
PID:507

/usr/bin/syslog
/usr/bin/syslog -s -k com.apple.message.domain com.apple.security.assessment.current_state com.apple.message.signature "assessments enabled" com.apple.message.signature2 "devid enabled" Message "Gatekeeper state assessments enabled/devid enabled"
1⤵
PID:508

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip\""
1⤵
PID:507

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip\""
1⤵
PID:507

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip"
1⤵
PID:507

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip"
1⤵
PID:507
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip"
  2⤵
  PID:514
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --new-window https://download167.uploadhaven.com/1/application/zip/ffTnvakKsJUEjcR7egiq6cHOrexWrwtgULNzuHHS.zip?key=FvwMe0No690wZDZVA3nvfw&expire=1697770184&filename=Skull.Island.Rise.of.Kong.zip"
  2⤵
  PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:521

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:528

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:525

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:528

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:526

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:532

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:532

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 522
1⤵
PID:533

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:537

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.AppStore.1900
1⤵
PID:540

/System/Applications/App Store.app/Contents/MacOS/App Store
"/System/Applications/App Store.app/Contents/MacOS/App Store"
1⤵
PID:540

/usr/libexec/xpcproxy
xpcproxy com.apple.storeuid
1⤵
PID:541

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 540
1⤵
PID:545

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:555

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.713A04C0-A89A-4451-A89B-5D7A7645C3E6 540
1⤵
PID:556

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:558

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:558

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:564

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:565

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:566

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.2F908CFB-2763-4E62-B8F3-57D00F64240D 540
1⤵
PID:567

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:567

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
241KB

MD5
1eecffdab0ed6af6ed4c34bfb7013685

SHA1
46c65032e65944602014c8200c21a4dfcfb54f13

SHA256
4c7655b69adbb097973fb688ff74a60fe3f61937777ee2020490cc7975aa8a09

SHA512
cbdd65b2fec933c160d3b75e568060a851fe3192ec3cfa9e85d2995e27c40e6c7f196f59704b4638a75ed3c5baa34a8de6bb095391d35636c37b5e5277af299b

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression.tmp

Filesize
241KB

MD5
1eecffdab0ed6af6ed4c34bfb7013685

SHA1
46c65032e65944602014c8200c21a4dfcfb54f13

SHA256
4c7655b69adbb097973fb688ff74a60fe3f61937777ee2020490cc7975aa8a09

SHA512
cbdd65b2fec933c160d3b75e568060a851fe3192ec3cfa9e85d2995e27c40e6c7f196f59704b4638a75ed3c5baa34a8de6bb095391d35636c37b5e5277af299b

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
25.6MB

MD5
145debd957a77a96067d8b355acabb74

SHA1
9505a3593c1e9196dfcb2ad2d54326f14ba0b72c

SHA256
f2cc74c897f27fc810db1e84e0bfb0f776c6875c3ccaa453875d6a879e927390

SHA512
4a21167cbc775d17357aed4d0bad538b6bbc4ec85283ceccb5861120bb82a0415884cf20fe4a47644e3aba941e3651ec63296c15518e3e657c52fdf28727491f

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression.tmp

Filesize
25.6MB

MD5
145debd957a77a96067d8b355acabb74

SHA1
9505a3593c1e9196dfcb2ad2d54326f14ba0b72c

SHA256
f2cc74c897f27fc810db1e84e0bfb0f776c6875c3ccaa453875d6a879e927390

SHA512
4a21167cbc775d17357aed4d0bad538b6bbc4ec85283ceccb5861120bb82a0415884cf20fe4a47644e3aba941e3651ec63296c15518e3e657c52fdf28727491f

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
121KB

MD5
9bcbc305b933be5ec6e7486b551f4732

SHA1
68ed8db03e7eb085190bcd85afe55ca9f0629be8

SHA256
cc2f2f03fe21abacc80f39d199e0143d689453c9ededefd1ddb1a0e815b6af47

SHA512
4e6d2a7575f8012bec08010b66b4174288f0d64685060c959b06a11b373878ef62507545491487512ada87f13c74c1d52a238cf15754e99bf984b28f086092db

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression.tmp

Filesize
121KB

MD5
9bcbc305b933be5ec6e7486b551f4732

SHA1
68ed8db03e7eb085190bcd85afe55ca9f0629be8

SHA256
cc2f2f03fe21abacc80f39d199e0143d689453c9ededefd1ddb1a0e815b6af47

SHA512
4e6d2a7575f8012bec08010b66b4174288f0d64685060c959b06a11b373878ef62507545491487512ada87f13c74c1d52a238cf15754e99bf984b28f086092db

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.WebKit.WebContent.Sandbox/CompiledSandbox+I1q2HjXwBhU_U59j0Gp2AcT9aI-SwaDMdcQzS7VmCg4

Filesize
48KB

MD5
47b17ccb45bc4e6c3acd3c2309ba82c6

SHA1
4195604ce1f8144f6f7b7e1b643fd8c888207555

SHA256
dd5b987e7988d6458db2937871b215f87d56531e479101001035e2b848aecbe1

SHA512
abe479a0650b319183982e45b1e5d67552c1623d661441fdcc791a26d8469137bb9aabe7cbaad186ace62ef7a0c05eea0c106ecf43ed73cb5c126ce8bd18a0b7

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.WebKit.WebContent.Sandbox/CompiledSandbox+I1q2HjXwBhU_U59j0Gp2AcT9aI-SwaDMdcQzS7VmCg4

Filesize
48KB

MD5
47b17ccb45bc4e6c3acd3c2309ba82c6

SHA1
4195604ce1f8144f6f7b7e1b643fd8c888207555

SHA256
dd5b987e7988d6458db2937871b215f87d56531e479101001035e2b848aecbe1

SHA512
abe479a0650b319183982e45b1e5d67552c1623d661441fdcc791a26d8469137bb9aabe7cbaad186ace62ef7a0c05eea0c106ecf43ed73cb5c126ce8bd18a0b7

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/com.apple.scriptmanager2.le.cache

Filesize
18KB

MD5
1d8e1388683dc96ed97907efcce83fda

SHA1
561fdf03a98032baaeb7bc214fd6fc2712ba42b0

SHA256
a6be2b32f120066646a50b537477f2d359d7013851f123146cb9b6a7a1371e8c

SHA512
70a1e99dad32b200eb26ad78e6433b3e9e052355ada3a3ad1cb6c644c1a0513e593ccd89ef8b9b305013b37f3f850f049d787677878f412d23fb517147c18c98

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.appstore/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsDirectory.db_

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/mds/mdsObject.db_

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/com.apple.AppStore/TemporaryItems/(A Document Being Saved By App Store)/sap-setup-cert.txt

Filesize
2KB

MD5
fc9f826f89b00b4f7fdce0bc9831370e

SHA1
357b3c8b4e30dd4927c1bba9200f1d0d0b54e3b6

SHA256
4d8deea49240223b7d6ef9d4dbdaacec8a20901f41131d72931860bd2dd0db73

SHA512
715521e288483783d33d3dd81f9768fdd707cbc9d588e3caf0b626fb0b113e06bd01f5d010188a62486cde2c5ca07c3aa3ee4421eb018a89c9ab1648b386f142

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads