Overview

overview

4

Static

static

1

ParallelsD...in.vbs

macos-10.15-amd64

1

ParallelsD..._dylib

macos-10.15-amd64

1

ParallelsD....dylib

macos-10.15-amd64

1

ParallelsD...70.dmg

macos-10.15-amd64

1

Parallels ...cOS/7z

macos-10.15-amd64

1

Parallels ...vm_app

macos-10.15-amd64

1

Parallels ...ervice

macos-10.15-amd64

1

Parallels ...ervice

macos-10.15-amd64

1

Parallels ...ed.vbs

macos-10.15-amd64

4

Parallels ...vm_app

macos-10.15-amd64

1

Parallels ...ttool2

macos-10.15-amd64

1

Parallels ....dylib

macos-10.15-amd64

1

Parallels ....dylib

macos-10.15-amd64

1

Parallels ...nt_app

macos-10.15-amd64

1

Parallels ...onvert

macos-10.15-amd64

1

Parallels ...k_tool

macos-10.15-amd64

1

Parallels ...sd2iso

macos-10.15-amd64

1

Parallels ...daemon

macos-10.15-amd64

1

Parallels ..._users

macos-10.15-amd64

1

Parallels ...helper

macos-10.15-amd64

1

Parallels ..._mkiso

macos-10.15-amd64

1

Parallels ..._naptd

macos-10.15-amd64

1

Parallels ..._start

macos-10.15-amd64

1

Parallels ...nplace

macos-10.15-amd64

1

Parallels ...rf_ctl

macos-10.15-amd64

1

Parallels ...ps2pdf

macos-10.15-amd64

1

Parallels ...spaces

macos-10.15-amd64

1

Resubmissions

18/03/2024, 20:43

240318-zhqdxahg22 4

Analysis

  • max time kernel
    141s
  • max time network
    172s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240214-en
  • resource tags

    arch:amd64arch:i386image:macos-20240214-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
  • submitted
    18/03/2024, 20:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Parallels Desktop 19/Parallels Desktop.app/Contents/MacOS/prl_switchspaces

  • Size

    197KB

  • MD5

    9040619f67bd080a1f03599503cbfc6e

  • SHA1

    310ba6d3580909b1fbc76bcb20e3f1bf1a93b9b8

  • SHA256

    7c87cbcc964e7767fc36dd9cfd5cbfd55016a56ffc2be250bfca97f4203519e4

  • SHA512

    f0c5b8852e9fc7cd26a4511729c595f002b052e75b6eae7f3fa4ecf8db3d647b07167b5f873389d80d37512035ca755159ca2b65023a66a2e2fb64d60024d383

  • SSDEEP

    768:m1Qj0QHfiP4Dw48kqGab8+Kf5voBiX8aitCa18ronqGab8:f/PDvUGKXKfNoB9Ft9nqGK

Score
1/10

Malware Config

Signatures

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Parallels Desktop 19/Parallels Desktop.app/Contents/MacOS/prl_switchspaces\""
    1⤵
      PID:572
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Parallels Desktop 19/Parallels Desktop.app/Contents/MacOS/prl_switchspaces\""
      1⤵
        PID:572
      • /usr/bin/sudo
        sudo /bin/zsh -c "/Users/run/Parallels Desktop 19/Parallels Desktop.app/Contents/MacOS/prl_switchspaces"
        1⤵
          PID:572
          • /bin/zsh
            /bin/zsh -c "/Users/run/Parallels Desktop 19/Parallels Desktop.app/Contents/MacOS/prl_switchspaces"
            2⤵
              PID:573
            • /Users/run/Parallels
              /Users/run/Parallels Desktop 19/Parallels Desktop.app/Contents/MacOS/prl_switchspaces
              2⤵
                PID:573
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.sysmond
              1⤵
                PID:574
              • /usr/libexec/sysmond
                /usr/libexec/sysmond
                1⤵
                  PID:574
                • /usr/bin/pluginkit
                  /usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
                  1⤵
                    PID:578
                  • /usr/sbin/spctl
                    /usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater6BDB2703/OneDrive.app
                    1⤵
                      PID:579
                    • /usr/libexec/xpcproxy
                      xpcproxy com.apple.audio.systemsoundserverd
                      1⤵
                        PID:584
                      • /usr/sbin/systemsoundserverd
                        /usr/sbin/systemsoundserverd
                        1⤵
                          PID:584
                        • /usr/libexec/xpcproxy
                          xpcproxy com.apple.pbs
                          1⤵
                            PID:585
                          • /System/Library/CoreServices/pbs
                            /System/Library/CoreServices/pbs
                            1⤵
                              PID:585
                            • /usr/libexec/xpcproxy
                              xpcproxy com.apple.audio.AudioComponentRegistrar
                              1⤵
                                PID:586
                              • /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
                                /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
                                1⤵
                                  PID:586
                                • /usr/libexec/xpcproxy
                                  xpcproxy com.apple.icloud.findmydeviced
                                  1⤵
                                    PID:589
                                  • /usr/libexec/findmydeviced
                                    /usr/libexec/findmydeviced
                                    1⤵
                                      PID:589
                                    • /usr/libexec/xpcproxy
                                      xpcproxy com.apple.tailspind
                                      1⤵
                                        PID:616
                                      • /usr/libexec/tailspind
                                        /usr/libexec/tailspind
                                        1⤵
                                          PID:616
                                        • /usr/sbin/spctl
                                          /usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
                                          1⤵
                                            PID:619
                                          • /usr/libexec/xpcproxy
                                            xpcproxy com.apple.bird
                                            1⤵
                                              PID:621
                                            • /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
                                              /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
                                              1⤵
                                                PID:621
                                              • /bin/launchctl
                                                /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
                                                1⤵
                                                  PID:627
                                                • /bin/launchctl
                                                  /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
                                                  1⤵
                                                    PID:628

                                                  Network

                                                  MITRE ATT&CK Matrix

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads