hxxp://feedheaven[.]net/ViewSwitcher/SwitchView?mobile=False&returnUrl=hxxps://srvassist-ckh[.]dynv6[.]net/ds

Analysis

max time kernel
138s
max time network
139s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
17/04/2024, 03:54 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds\""
1⤵
PID:482

/bin/bash
sh -c "sudo /bin/zsh -c \"/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds\""
1⤵
PID:482

/usr/bin/sudo
sudo /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds"
1⤵
PID:482
- /bin/zsh
  /bin/zsh -c "/Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds"
  2⤵
  PID:483

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:527

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:540

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:542

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:542

Network

DNS

apis.apple.map.fastly.net

Remote address:

8.8.8.8:53

Request

apis.apple.map.fastly.net

IN A

Response

apis.apple.map.fastly.net

IN A

151.101.3.6

apis.apple.map.fastly.net

IN A

151.101.67.6

apis.apple.map.fastly.net

IN A

151.101.131.6

apis.apple.map.fastly.net

IN A

151.101.195.6
DNS

apis.apple.map.fastly.net

Remote address:

8.8.8.8:53

Request

apis.apple.map.fastly.net

IN A
DNS

bag-cdn-lb.itunes-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

bag-cdn-lb.itunes-apple.com.akadns.net

IN A

Response

bag-cdn-lb.itunes-apple.com.akadns.net

IN CNAME

apis.apple.map.fastly.net

apis.apple.map.fastly.net

IN A

151.101.3.6

apis.apple.map.fastly.net

IN A

151.101.67.6

apis.apple.map.fastly.net

IN A

151.101.131.6

apis.apple.map.fastly.net

IN A

151.101.195.6
DNS

mobile.events.data.trafficmanager.net

Remote address:

8.8.8.8:53

Request

mobile.events.data.trafficmanager.net

IN A

Response

mobile.events.data.trafficmanager.net

IN CNAME

onedscolprdcus06.centralus.cloudapp.azure.com

onedscolprdcus06.centralus.cloudapp.azure.com

IN A

13.89.179.8
DNS

cds.apple.com

Remote address:

8.8.8.8:53

Request

cds.apple.com

IN A

Response

cds.apple.com

IN CNAME

cds-cdn.v.aaplimg.com

cds-cdn.v.aaplimg.com

IN CNAME

cds.apple.com.akadns.net

cds.apple.com.akadns.net

IN CNAME

cds.apple.com.edgekey.net

cds.apple.com.edgekey.net

IN CNAME

e14768.dscb.akamaiedge.net

e14768.dscb.akamaiedge.net

IN A

104.68.86.71
DNS

help.apple.com

Remote address:

8.8.8.8:53

Request

help.apple.com

IN A

Response

help.apple.com

IN CNAME

help.origin-apple.com.akadns.net

help.origin-apple.com.akadns.net

IN CNAME

help-ar.apple.com.edgekey.net

help-ar.apple.com.edgekey.net

IN CNAME

e11408.d.akamaiedge.net

e11408.d.akamaiedge.net

IN A

184.30.157.247

20.52.64.201:443

tls, https

1.6kB
16
17.250.81.67:443

tls, https

128 B
40 B
2
1
51.116.246.105:443

mobile.pipe.aria.microsoft.com

tls

14.4kB
9.1kB
40
29
104.68.86.71:443

cds.apple.com

tls

18.9kB
161.1kB
211
189
184.30.157.247:443

help.apple.com

tls

29.9kB
111.0kB
164
124
184.30.157.247:443

help.apple.com

tls

1.5kB
1.1kB
8
5

8.8.8.8:53

apis.apple.map.fastly.net

dns

142 B
135 B
2
1

DNS Request

apis.apple.map.fastly.net

DNS Request

apis.apple.map.fastly.net

DNS Response

151.101.3.6

151.101.67.6

151.101.131.6

151.101.195.6
8.8.8.8:53

bag-cdn-lb.itunes-apple.com.akadns.net

dns

84 B
184 B
1
1

DNS Request

bag-cdn-lb.itunes-apple.com.akadns.net

DNS Response

151.101.3.6

151.101.67.6

151.101.131.6

151.101.195.6
224.0.0.251:5353

332 B
1
8.8.8.8:53

mobile.events.data.trafficmanager.net

dns

83 B
158 B
1
1

DNS Request

mobile.events.data.trafficmanager.net

DNS Response

13.89.179.8
8.8.8.8:53

cds.apple.com

dns

59 B
218 B
1
1

DNS Request

cds.apple.com

DNS Response

104.68.86.71
8.8.8.8:53

help.apple.com

dns

60 B
196 B
1
1

DNS Request

help.apple.com

DNS Response

184.30.157.247

Windows 7 deprecation

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.