Analysis

  • max time kernel
    52s
  • max time network
    79s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240214-en
  • resource tags

    arch:amd64, arch:i386, image:macos-20240214-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    12/03/2024, 14:31

General

  • Target

    dd.txt

  • Size

    739B

  • MD5

    d9ac2483fe3e23f1cfa5b7674988d281

  • SHA1

    76e5e5070308746093743bc5211e628cb771c55d

  • SHA256

    40a9cc1a1413b038f338802ac6f982d5c16e35ad5a3e93e5b8581b58e602d2a1

  • SHA512

    793dc87c0d7ba9b83a49c2c88fb889f36e7deee53b65860b2fc78f7aba8710cda4f0b8384015c7773c7c4bc2510953d6c916ed3eda3d27fd2e11aaeb0af3d689

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 1 IoCs

Processes

  • /usr/libexec/xpcproxy
    xpcproxy com.oracle.java.Java-Updater
    1⤵
      PID:529
  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/dd.txt\""
    1⤵
      PID:533
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"/Users/run/dd.txt\""
    1⤵
      PID:533
  • /usr/bin/sudo
    sudo /bin/zsh -c /Users/run/dd.txt
    1⤵
      PID:533
    • /bin/zsh
      /bin/zsh -c /Users/run/dd.txt
      2⤵
        PID:534
    • /Users/run/dd.txt
      /Users/run/dd.txt
      2⤵
        PID:534
    • /bin/sh
      sh /Users/run/dd.txt
      2⤵
        PID:534
    • /bin/bash
      sh /Users/run/dd.txt
      2⤵
        PID:534
  • /usr/libexec/dmd
    /usr/libexec/dmd
    1⤵
      PID:523
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.sysmond
    1⤵
      PID:542
  • /usr/libexec/sysmond
    /usr/libexec/sysmond
    1⤵
      PID:542
  • /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
    "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck
    1⤵
      PID:529
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.geod
    1⤵
      PID:567
  • /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
    /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
    1⤵
      PID:567
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.AddressBook.ContactsAccountsService
    1⤵
      PID:569
  • /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
    /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
    1⤵
      PID:569
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.routined
    1⤵
      PID:570
  • /usr/libexec/routined
    /usr/libexec/routined LAUNCHED_BY_LAUNCHD
    1⤵
      PID:570
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.Maps.mapspushd
    1⤵
      PID:571
  • /System/Library/CoreServices/mapspushd
    /System/Library/CoreServices/mapspushd
    1⤵
      PID:571
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.nehelper
    1⤵
      PID:575
  • /usr/libexec/nehelper
    /usr/libexec/nehelper
    1⤵
      PID:575

Network

MITRE ATT&CK Enterprise v15
