Analysis

  • max time kernel
    124s
  • max time network
    148s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240410-en
  • resource tags
    arch:amd64
    arch:i386
    image:macos-20240410-en
    kernel:19b77a
    locale:en-us
    os:macos-10.15-amd64
    system
  • submitted
    24/04/2024, 12:14 UTC

General

  • Target

    Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf

  • Size

    872B

  • MD5

    56c7d7a1176e27e3415b098f2d21b380

  • SHA1

    f8cc0937175002b46ac73486cef828b7c4086de4

  • SHA256

    5f0ca46768a9801dc5c714fdf6e9f438b6cb98992e987a55ca65a0450b2c3ce9

  • SHA512

    78c4c0ed6219be788ad4c0c1feae99170b733d2acee972c27faaeacbfdb1cdf0efafaaca2743d8c6dd23b0cbff4408f14ff26457e9586ea64cf6b3da0c53fdcf

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 4 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf\""
    1⤵
      PID:485
    • /bin/bash
      sh -c "sudo /bin/zsh -c \"/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf\""
      1⤵
        PID:485
      • /usr/bin/sudo
        sudo /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"
        1⤵
          PID:485
          • /bin/zsh
            /bin/zsh -c "/Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf"
            2⤵
              PID:486
            • /Users/run/Install
              /Users/run/Install Parallels Desktop/Install Parallels Desktop.app/Contents/Resources/en.lproj/CepAgreement.rtf
              2⤵
                PID:486
            • /usr/libexec/xpcproxy
              xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
              1⤵
                PID:528
              • /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
                1⤵
                  PID:528

Network

  • flag-us
    DNS
    bag-cdn-lb.itunes-apple.com.akadns.net
    Remote address:
    8.8.8.8:53
    Request
    bag-cdn-lb.itunes-apple.com.akadns.net
    IN A
    Response
    bag-cdn-lb.itunes-apple.com.akadns.net
    IN CNAME
    h3.apis.apple.map.fastly.net
    h3.apis.apple.map.fastly.net
    IN A
    151.101.3.6
    h3.apis.apple.map.fastly.net
    IN A
    151.101.67.6
    h3.apis.apple.map.fastly.net
    IN A
    151.101.131.6
    h3.apis.apple.map.fastly.net
    IN A
    151.101.195.6
  • flag-us
    DNS
    bag-cdn-lb.itunes-apple.com.akadns.net
    Remote address:
    8.8.8.8:53
    Request
    bag-cdn-lb.itunes-apple.com.akadns.net
    IN A
  • flag-us
    DNS
    bag-cdn-lb.itunes-apple.com.akadns.net
    Remote address:
    8.8.8.8:53
    Request
    bag-cdn-lb.itunes-apple.com.akadns.net
    IN A
  • flag-us
    DNS
    cds.apple.com
    Remote address:
    8.8.8.8:53
    Request
    cds.apple.com
    IN A
    Response
    cds.apple.com
    IN CNAME
    cds-cdn.v.aaplimg.com
    cds-cdn.v.aaplimg.com
    IN CNAME
    cds.apple.com.akadns.net
    cds.apple.com.akadns.net
    IN CNAME
    cds.apple.com.edgekey.net
    cds.apple.com.edgekey.net
    IN CNAME
    e14768.dscb.akamaiedge.net
    e14768.dscb.akamaiedge.net
    IN A
    104.68.86.71
  • flag-us
    DNS
    help.apple.com
    Remote address:
    8.8.8.8:53
    Request
    help.apple.com
    IN A
    Response
    help.apple.com
    IN CNAME
    help.origin-apple.com.akadns.net
    help.origin-apple.com.akadns.net
    IN CNAME
    help-ar.apple.com.edgekey.net
    help-ar.apple.com.edgekey.net
    IN CNAME
    e11408.d.akamaiedge.net
    e11408.d.akamaiedge.net
    IN A
    23.220.113.166
  • 20.52.64.201:443
    tls, https
    1.6kB
    16
  • 51.116.246.105:443
    mobile.pipe.aria.microsoft.com
    tls
    21.6kB
    9.6kB
    46
    39
  • 17.250.81.67:443
    tls, https
    128 B
    40 B
    2
    1
  • 104.68.86.71:443
    cds.apple.com
    tls
    19.9kB
    162.7kB
    217
    193
  • 23.220.113.166:443
    help.apple.com
    tls
    32.9kB
    112.6kB
    189
    129
  • 23.220.113.166:443
    help.apple.com
    tls
    1.8kB
    1.3kB
    13
    8
  • 8.8.8.8:53
    bag-cdn-lb.itunes-apple.com.akadns.net
    dns
    252 B
    187 B
    3
    1

    DNS Request
    bag-cdn-lb.itunes-apple.com.akadns.net

    DNS Request
    bag-cdn-lb.itunes-apple.com.akadns.net

    DNS Request
    bag-cdn-lb.itunes-apple.com.akadns.net

    DNS Response
    151.101.3.6
    151.101.67.6
    151.101.131.6
    151.101.195.6

  • 8.8.8.8:53
    cds.apple.com
    dns
    59 B
    218 B
    1
    1

    DNS Request
    cds.apple.com

    DNS Response
    104.68.86.71

  • 8.8.8.8:53
    help.apple.com
    dns
    60 B
    196 B
    1
    1

    DNS Request
    help.apple.com

    DNS Response
    23.220.113.166

  • 224.0.0.251:5353
    332 B
    1

MITRE ATT&CK Enterprise v15
