eb71dad7e3c7fc10f128a9f4c1aebdb527eb4192e3525010322559ca9b63d610

Analysis

max time kernel
149s
max time network
123s
platform
macos-10.15_amd64
resource
macos-20231201-en
resource tags

arch:amd64arch:i386image:macos-20231201-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
02/02/2024, 01:01 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7zip/mac/x64/7za
Size

2.8MB
MD5

335361d7f6faf13cadbf116bfdb97226
SHA1

d6cba0f2e221d1061261767ec38ddd7c550015a3
SHA256

434075f6ff5ea9250571033ca06b95d464efcad87a528dd0b224816c86b1a444
SHA512

5fa86f6ec50e0f2fa87ec7cfa0e98cf2bfe158035e5af024e017cce4ddb33aea631008e43328e6049e0f95e8c63dac8b1e03d3c949b34ad2a3e94ab979cad0e0
SSDEEP

49152:VxV0AtX4EEf/Gf80I+qnyVUdbU1t4t1zCtmf3ybzh2uI1I+wwBV2Lg800h/E2zz8:Vf54EEf/Th0VEHf3yb5U0h/ELGCTZ5

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/7zip/mac/x64/7za\""
1⤵
PID:536

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/7zip/mac/x64/7za\""
1⤵
PID:536

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/7zip/mac/x64/7za
1⤵
PID:536
- /bin/zsh
  /bin/zsh -c /Users/run/7zip/mac/x64/7za
  2⤵
  PID:537
- /Users/run/7zip/mac/x64/7za
  /Users/run/7zip/mac/x64/7za
  2⤵
  PID:537

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:539

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:562

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:567

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:567

Network

DNS

e673.dsce9.akamaiedge.net

Remote address:

8.8.8.8:53

Request

e673.dsce9.akamaiedge.net

IN A

Response

e673.dsce9.akamaiedge.net

IN A

95.100.244.21
DNS

certs.apple.com

Remote address:

8.8.8.8:53

Request

certs.apple.com

IN A

Response

certs.apple.com

IN CNAME

certs-lb.apple.com.akadns.net

certs-lb.apple.com.akadns.net

IN CNAME

certs.g.aaplimg.com

certs.g.aaplimg.com

IN A

17.253.63.203
GET

http://certs.apple.com/apevsrsa2g1.der

Remote address:

17.253.63.203:80

Request

GET /apevsrsa2g1.der HTTP/1.1
Host: certs.apple.com
Accept: */*
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: com.apple.trustd/2.0
GET

http://certs.apple.com/apevsrsa2g1.der

Remote address:

17.253.63.203:80

Request

GET /apevsrsa2g1.der HTTP/1.1
Host: certs.apple.com
Accept: */*
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: com.apple.trustd/2.0

Response

HTTP/1.1 200 OK

Server: ATS/9.0.3
Date: Fri, 02 Feb 2024 00:13:04 GMT
Content-Type: application/pkix-cert
X-Responding-Server: massilia_protocol_030:130009602:st49p01if-qufw03154001.st.if.apple.com:8081:20P47:f3d195f04404
X-iCLoud-Availability: [B, L, DL]
Trailer: Content-MD5, Content-Sources
X-Apple-Request-UUID: 109bc88e-9fe5-4953-9311-2b945f5cbf4a
X-Apple-MS-Content-Length: 1334
X-iCloud-Content-Length: 1334
X-Apple-Request-UUID: 109bc88e-9fe5-4953-9311-2b945f5cbf4a
Accept-Ranges: bytes
x-icloud-versionid: 2afa8690-e7e5-11ea-a040-d8c497b4540d
Last-Modified: Wed, 26 Aug 2020 21:43:24 GMT
Cache-Control: max-age=3600, public
Strict-Transport-Security: max-age=31536000; includeSubDomains;
X-DLB-Upstream: 10.117.85.4:8081
Content-Length: 1334
Via: http/1.1 iedub1-edge-lx-004.ts.apple.com (acdn/111.14403), http/1.0 iedub1-edge-bx-005.ts.apple.com (acdn/111.14403)
CDNUUID: fb3e568b-4c6f-48fe-b5dc-03ca1262d50e-25088438085
X-Cache: hit-fresh, hit-fresh
Etag: "8BBD9741D369F8B7D6B2D422D2FFB12E"
Age: 3537
Connection: keep-alive
DNS

mobile.events.data.trafficmanager.net

Remote address:

8.8.8.8:53

Request

mobile.events.data.trafficmanager.net

IN A

Response

mobile.events.data.trafficmanager.net

IN CNAME

onedscolprduks03.uksouth.cloudapp.azure.com

onedscolprduks03.uksouth.cloudapp.azure.com

IN A

51.105.71.137
DNS

cds.apple.com

Remote address:

8.8.8.8:53

Request

cds.apple.com

IN A

Response

cds.apple.com

IN CNAME

cds-cdn.v.aaplimg.com

cds-cdn.v.aaplimg.com

IN A

82.78.25.240
DNS

help.apple.com

Remote address:

8.8.8.8:53

Request

help.apple.com

IN A

Response

help.apple.com

IN CNAME

help.origin-apple.com.akadns.net

help.origin-apple.com.akadns.net

IN CNAME

help-ar.apple.com.edgekey.net

help-ar.apple.com.edgekey.net

IN CNAME

e11408.d.akamaiedge.net

e11408.d.akamaiedge.net

IN A

23.44.233.108

20.42.73.28:443

tls, https

1.8kB
16
17.253.63.203:80

http://certs.apple.com/apevsrsa2g1.der

http

635 B
1.2kB
8
3

HTTP Request

GET http://certs.apple.com/apevsrsa2g1.der
17.253.63.203:80

http://certs.apple.com/apevsrsa2g1.der

http

571 B
2.7kB
7
5

HTTP Request

GET http://certs.apple.com/apevsrsa2g1.der

HTTP Response

200
20.189.173.2:443

mobile.pipe.aria.microsoft.com

tls

13.3kB
8.5kB
39
26
82.78.25.240:443

cds.apple.com

tls

63.0kB
1.0MB
855
855
23.44.233.108:443

help.apple.com

tls

29.5kB
112.6kB
165
124
23.44.233.108:443

help.apple.com

tls

1.5kB
1.2kB
8
7

8.8.8.8:53

e673.dsce9.akamaiedge.net

dns

71 B
87 B
1
1

DNS Request

e673.dsce9.akamaiedge.net

DNS Response

95.100.244.21
8.8.8.8:53

certs.apple.com

dns

61 B
150 B
1
1

DNS Request

certs.apple.com

DNS Response

17.253.63.203
8.8.8.8:53

mobile.events.data.trafficmanager.net

dns

83 B
156 B
1
1

DNS Request

mobile.events.data.trafficmanager.net

DNS Response

51.105.71.137
8.8.8.8:53

cds.apple.com

dns

59 B
107 B
1
1

DNS Request

cds.apple.com

DNS Response

82.78.25.240
8.8.8.8:53

help.apple.com

dns

60 B
196 B
1
1

DNS Request

help.apple.com

DNS Response

23.44.233.108
224.0.0.251:5353

332 B
1

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.