Malware Analysis Report

2025-08-05 22:27

Sample ID 240312-rv126sda74
Target dd.txt
SHA256 40a9cc1a1413b038f338802ac6f982d5c16e35ad5a3e93e5b8581b58e602d2a1
Tags
evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

40a9cc1a1413b038f338802ac6f982d5c16e35ad5a3e93e5b8581b58e602d2a1

Threat Level: Likely benign

The file dd.txt was found to be: Likely benign.

Malicious Activity Summary

evasion

Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-12 14:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-12 14:31

Reported

2024-03-12 14:33

Platform

macos-20240214-en

Max time kernel

52s

Max time network

79s

Command Line

[xpcproxy com.oracle.java.Java-Updater]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck N/A N/A

Processes

/usr/libexec/xpcproxy

[xpcproxy com.oracle.java.Java-Updater]

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/dd.txt"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/dd.txt"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/dd.txt]

/bin/zsh

[/bin/zsh -c /Users/run/dd.txt]

/Users/run/dd.txt

[/Users/run/dd.txt]

/bin/sh

[sh /Users/run/dd.txt]

/bin/bash

[sh /Users/run/dd.txt]

/usr/libexec/dmd

[/usr/libexec/dmd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

Network

Country Destination Domain Proto
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
US 52.182.143.208:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
GB 23.56.238.120:443 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 23.56.238.114:443 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
US 8.8.8.8:53 a1366.dscapi6.akamai.net udp
GB 104.91.71.86:443 tcp
US 8.8.8.8:53 e4686.dsce9.akamaiedge.net udp
GB 95.100.244.136:443 tcp
GB 104.91.71.85:443 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
US 17.137.170.10:443 tcp
US 17.137.170.34:443 tcp
GB 95.100.244.136:443 tcp
GB 17.253.77.201:80 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 52.182.143.208:443 tcp
GB 17.253.77.201:80 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
GB 23.56.238.120:443 tcp
GB 23.56.238.114:443 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
GB 23.56.238.120:443 tcp
GB 23.56.238.114:443 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp
GB 17.253.77.201:80 tcp

Files

N/A