Analysis Overview
SHA256
40a9cc1a1413b038f338802ac6f982d5c16e35ad5a3e93e5b8581b58e602d2a1
Threat Level: Likely benign
The file dd.txt was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-12 14:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-12 14:31
Reported
2024-03-12 14:33
Platform
macos-20240214-en
Max time kernel
52s
Max time network
79s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
Processes
| Process | Command line |
|---|---|
| /usr/libexec/xpcproxy | xpcproxy com.oracle.java.Java-Updater |
| /bin/sh | sh -c sudo /bin/zsh -c "/Users/run/dd.txt" |
| /bin/bash | sh -c sudo /bin/zsh -c "/Users/run/dd.txt" |
| /usr/bin/sudo | sudo /bin/zsh -c /Users/run/dd.txt |
| /bin/zsh | /bin/zsh -c /Users/run/dd.txt |
| /Users/run/dd.txt | /Users/run/dd.txt |
| /bin/sh | sh /Users/run/dd.txt |
| /bin/bash | sh /Users/run/dd.txt |
| /usr/libexec/dmd | /usr/libexec/dmd |
| /usr/libexec/xpcproxy | xpcproxy com.apple.sysmond |
| /usr/libexec/sysmond | /usr/libexec/sysmond |
| /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater | /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck |
| /usr/libexec/xpcproxy | xpcproxy com.apple.geod |
| /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod | /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod |
| /usr/libexec/xpcproxy | xpcproxy com.apple.AddressBook.ContactsAccountsService |
| /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService | /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService |
| /usr/libexec/xpcproxy | xpcproxy com.apple.routined |
| /usr/libexec/routined | /usr/libexec/routined LAUNCHED_BY_LAUNCHD |
| /usr/libexec/xpcproxy | xpcproxy com.apple.Maps.mapspushd |
| /System/Library/CoreServices/mapspushd | /System/Library/CoreServices/mapspushd |
| /usr/libexec/xpcproxy | xpcproxy com.apple.nehelper |
| /usr/libexec/nehelper | /usr/libexec/nehelper |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| US | 52.182.143.208:443 | | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| GB | 23.56.238.120:443 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 23.56.238.114:443 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.86:443 | | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 95.100.244.136:443 | | tcp |
| GB | 104.91.71.85:443 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| US | 17.137.170.10:443 | | tcp |
| US | 17.137.170.34:443 | | tcp |
| GB | 95.100.244.136:443 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 52.182.143.208:443 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| GB | 23.56.238.120:443 | | tcp |
| GB | 23.56.238.114:443 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| GB | 23.56.238.120:443 | | tcp |
| GB | 23.56.238.114:443 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |
| GB | 17.253.77.201:80 | | tcp |