84cf48a5d7dedccb8a6da85b8566e47415c5e07ef87618ddb4ca11f86350604a

Analysis

max time kernel
149s
max time network
153s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
25-04-2024 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

484KB
MD5

43b2b84129851d8833ba5660bed4fd7b
SHA1

267182a455a9585656949bfbae6251b51346077e
SHA256

84cf48a5d7dedccb8a6da85b8566e47415c5e07ef87618ddb4ca11f86350604a
SHA512

c99d25889aa35ed82b9aefa7fb49a0b06c3a963a330a55b5be16dc4c035fa23b7fd27a7886e27267e6da1fb74d02fe75d25523d1952a26a5a67df91f0f3888c7
SSDEEP

6144:igfIRSIRUIRFIRUIRBIRLIRVIR+IRwIR3ip:i+IUIiI3IGIvI5InIsIKIhip

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 12 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/sample.html\""
1⤵
PID:562

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/sample.html\""
1⤵
PID:562

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/sample.html
1⤵
PID:562

/bin/zsh
/bin/zsh -c /Users/run/sample.html
2⤵
PID:563

/Users/run/sample.html
/Users/run/sample.html
2⤵
PID:563

/bin/sh
sh /Users/run/sample.html
2⤵
PID:563

/bin/bash
sh /Users/run/sample.html
2⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:587

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.security.cloudkeychainproxy3
1⤵
PID:590

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
1⤵
PID:590

/usr/libexec/xpcproxy
xpcproxy com.apple.assistantd
1⤵
PID:598

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
1⤵
PID:598

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app
1⤵
PID:600

/usr/libexec/xpcproxy
xpcproxy com.apple.TextInputMenuAgent
1⤵
PID:604

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
1⤵
PID:604

/usr/libexec/xpcproxy
xpcproxy com.apple.TextInputSwitcher
1⤵
PID:606

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
1⤵
PID:606

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:609

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:609

/usr/libexec/xpcproxy
xpcproxy com.apple.geod
1⤵
PID:610

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
1⤵
PID:610

/usr/libexec/xpcproxy
xpcproxy com.apple.secinitd
1⤵
PID:611

/usr/libexec/secinitd
/usr/libexec/secinitd
1⤵
PID:611

/usr/libexec/xpcproxy
xpcproxy com.apple.pbs
1⤵
PID:614

/System/Library/CoreServices/pbs
/System/Library/CoreServices/pbs
1⤵
PID:614

/usr/libexec/xpcproxy
xpcproxy com.apple.siri.context.service
1⤵
PID:617

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
1⤵
PID:617

/usr/libexec/xpcproxy
xpcproxy com.apple.AddressBook.ContactsAccountsService
1⤵
PID:619

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
1⤵
PID:619

/usr/libexec/xpcproxy
xpcproxy com.apple.suggestd
1⤵
PID:620

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
1⤵
PID:620

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:621

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:621

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 621
1⤵
PID:623

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:623

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:625

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:626

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:627

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:628

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:629

/usr/libexec/xpcproxy
xpcproxy com.apple.CoreAuthentication.agent
1⤵
PID:630

/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
1⤵
PID:630

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:631

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:631

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:633

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:633

/usr/libexec/xpcproxy
xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
1⤵
PID:637

/usr/libexec/neagent
/usr/libexec/neagent
1⤵
PID:637

/usr/libexec/xpcproxy
xpcproxy com.apple.preference.universalaccess.remoteservice 621
1⤵
PID:638

/System/Library/PreferencePanes/UniversalAccessPref.prefPane/Contents/XPCServices/com.apple.preference.universalaccess.remoteservice.xpc/Contents/MacOS/com.apple.preference.universalaccess.remoteservice
/System/Library/PreferencePanes/UniversalAccessPref.prefPane/Contents/XPCServices/com.apple.preference.universalaccess.remoteservice.xpc/Contents/MacOS/com.apple.preference.universalaccess.remoteservice
1⤵
PID:638

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:639

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:640

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:641

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:642

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:643

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:644

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:644

/usr/libexec/xpcproxy
xpcproxy com.apple.tailspind
1⤵
PID:645

/usr/libexec/tailspind
/usr/libexec/tailspind
1⤵
PID:645

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:646

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:646

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:647

/usr/libexec/xpcproxy
xpcproxy com.apple.knowledge-agent
1⤵
PID:649

/usr/libexec/knowledge-agent
/usr/libexec/knowledge-agent
1⤵
PID:649

/usr/libexec/xpcproxy
xpcproxy com.apple.routined
1⤵
PID:651

/usr/libexec/routined
/usr/libexec/routined LAUNCHED_BY_LAUNCHD
1⤵
PID:651

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash
1⤵
PID:652

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash agent
1⤵
PID:652

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:653

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:653

/usr/libexec/xpcproxy
xpcproxy com.apple.speech.speechsynthesisd
1⤵
PID:654

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
1⤵
PID:654

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:655

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
1⤵
PID:655

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 654
1⤵
PID:656

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:656

/usr/libexec/xpcproxy
xpcproxy com.apple.Maps.mapspushd
1⤵
PID:659

/System/Library/CoreServices/mapspushd
/System/Library/CoreServices/mapspushd
1⤵
PID:659

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportCrash.Root
1⤵
PID:662

/System/Library/CoreServices/ReportCrash
/System/Library/CoreServices/ReportCrash daemon
1⤵
PID:662

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:664

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:665

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:666

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:666

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:667

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:667

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.D084129E-0BA5-434C-B634-450288467471 666
1⤵
PID:668

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:668

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:671

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:671

/usr/libexec/xpcproxy
xpcproxy com.apple.akd
1⤵
PID:672

/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
1⤵
PID:672

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.9F1B1814-B3CA-4C19-950B-E804EB1AEF14 666
1⤵
PID:673

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:673

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 666
1⤵
PID:674

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:674

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:675

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:675

/bin/sh
sh -c /usr/sbin/kextstat
1⤵
PID:676

/bin/bash
sh -c /usr/sbin/kextstat
1⤵
PID:676

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.38CC6EE5-705A-4FA9-BE23-0E23AD76FDD8 666
1⤵
PID:677

/usr/sbin/kextstat
/usr/sbin/kextstat
1⤵
PID:676

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:677

/usr/libexec/xpcproxy
xpcproxy com.apple.mediaremoted
1⤵
PID:678

/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
1⤵
PID:678

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:680

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
1⤵
PID:680

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 677
1⤵
PID:681

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:681

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.C3EA010E-2392-43B4-992F-CE1793111F04 666
1⤵
PID:682

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:682

/usr/libexec/xpcproxy
xpcproxy com.apple.accessibility.mediaaccessibilityd
1⤵
PID:685

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
1⤵
PID:685

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.A05744D5-4F15-4C8B-9991-EAC010585EBB 666
1⤵
PID:686

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:686

/usr/libexec/xpcproxy
xpcproxy com.apple.mobile.keybagd
1⤵
PID:687

/usr/libexec/keybagd
/usr/libexec/keybagd -t 15
1⤵
PID:687

/usr/libexec/xpcproxy
xpcproxy com.apple.nsurlstoraged
1⤵
PID:688

/usr/libexec/nsurlstoraged
/usr/libexec/nsurlstoraged --privileged
1⤵
PID:688

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 677
1⤵
PID:690

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:690

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:691

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:691

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:692

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
Filesize
124KB

MD5
ccbe08c341e86efeb6fadc53ae744dde

SHA1
f1e12e6232465e45f23b93ad1607bc96783622c8

SHA256
c437459f7cc6e6b20c5f8a787a7fbe1ff318945c78c5341c867d105b9b8c7911

SHA512
327456825e8412206aa07008b1153e1e4d5e46dd4a7aa8c81f5efb1811f20362655c5686badf63c652e187fac5e29cb733cae037bb71e9fc0c86b16713cf3cde

Download Submit
/Users/run/Library/Caches/GeoServices/Experiments.pbd
Filesize
291B

MD5
13b8db6d0ab9d1c675954278377307e8

SHA1
7f193aa38e280b59d3284b764bf6b50c8c6e3bf2

SHA256
fe300c8d420af200344b19a4bc887cf922e4cbff53141abf4969d96a435a7cfc

SHA512
4c8173a72d043d4d0fb83503282f6f3c5d020d492bdb2aa9951f727de673d3c04ccdd25e8d09f7320858eee534de55b9c6865765c2f89dc029d7712926e27f63

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/118554E8B143CE61F480450965EAAB65
Filesize
5KB

MD5
f00ffb858024f95fbde9c8ef2a62c4bc

SHA1
ca0fc41d59a2d8bd769f2376d1fd828912bb3c76

SHA256
0a3ba6c9348a3d6a485cb00c88ad6b04be11e61d9c0150558003e9f8502939c3

SHA512
1a666cbd95a5c09f30c862dbabe6784ca87856d23ef0d2a289bc94eb991aea268b39d423fc317bd00b7e9816a45f8bd5df2ca75b24361a203f64a7bf0ff51fbf

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/D121788A6B2130F3D1C84BD83301224E
Filesize
5KB

MD5
80f7367cb52983d2b58c2570460a9e9b

SHA1
8b1020b84f2c57bc43c0b0e504529fbd176fc694

SHA256
d7dd223f488a3dc314edecff758abc774093909d8cdaabb5c6b3f5a84a6f4be7

SHA512
ec16f486883b31551597eaa82406989c159a5e186ec33fcc8fbc85093d1ac758bfab065a9a8f91ef3087456cc2a0b2b097dbb074f567280f5ccf8f3838eaceb3

Download Submit
/private/var/db/spindump/tailspin-trace.2024-04-25_12-41-05.tailspin
Filesize
17.8MB

MD5
894597216facde6b34d14de90568b6ba

SHA1
587311606aa57c559d61fbc80c8fe4506bea8137

SHA256
8c5d2095956b42b0247efbe055d742fc0ef7974f8bce4a15e10e472055ccfb10

SHA512
6173e68138465df715815a3689d09e48f181e840053f6041a00555ab50485b757145a2258e59ce887c2b62682e7cf7439c910af24f6bcd0ac5b8bdf755045ff5

Download Submit
/var/db/locationd/Library/Caches/GeoServices/Resources/altitude-1269.xml
Filesize
167KB

MD5
a645869f7bf432953f0292ca5fd17ad8

SHA1
9063c8541f8d4d81d301df8b359a30071d42b119

SHA256
04daf260c11cd34cd84f42fb5a47f1d5717d0b2f62b236826d7c3a6f0a1c9db9

SHA512
6449c45cd990750cf88cbf75b3320e6d972ba1b10dd8bb23835e1d298efb0b5d50399ad2c4be9d3d068619d645e544afc3245c66630da1878c8688811e76fca4

Download Submit
/var/db/nsurlstoraged/dafsaData.bin
Filesize
53KB

MD5
7e6f706958b092cc383164b72f0747d3

SHA1
0b5610fe3452fcd8b30c39512b182ed2ea658d08

SHA256
3fa3a11ba183442ad6d6f0736d9a885c929157a52055867c8548ee4412dcaf02

SHA512
b9900d308bb49a051cf1a03134be994e387dc1707a45d81c8972dd05b6b3acb95f06120877f3ad3ee5f468200bbd1974ef82b170b32b51a36a8f892e849332ea

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsDirectory.db
Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/assistantd//mds/mdsObject.db
Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
Filesize
220KB

MD5
6078c8d733d658f83540ae6bda32ddc9

SHA1
0e0921e685a6aaa81b0136eb8124e44d83dd77ca

SHA256
fb5837e6788eba17a3ffff9f694648e4a33741576759d4173a7b1a2e0dd9eef1

SHA512
5b71598da22859cec9fc8d997885372f4df4b5cd036d928990c3fc5bcee5ae932934607ce8da3c68164a96da61f52e43644d5d82adaec3adf5b88c322c687fae

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
Filesize
22.5MB

MD5
33717a986b7e47328bc33446f0a2c607

SHA1
c6b4991aa30b83f38f00e6254d94c9e9bddd4407

SHA256
eed394e3ed632e1115413dabd498868efb82f056eccd0815f0523b7e112ef0f1

SHA512
e3d0a5f5d43a5183a386b5aa5440f908ee7862869b0c069feb66d176c04b199a3092d1b31c8889eb09094f453d5eb6544c9611e6d12f4867467ce63a61ef0de1

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
Filesize
120KB

MD5
48a608006a93afad43919d696e75edb8

SHA1
4f3b7c00867f1e3a55002c2321c545474cdad1f3

SHA256
79a415b03d78bd28951b31f6198073ef538feb41e6b985398a5b9e6e277cb54e

SHA512
e07525670238df5500466464de5823668de8bd4ca3162e95188bbd0e3e27c3c95e30e373d4f2f715978b88cab184c8c4728395c025398075e082a220f2e979e6

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt
Filesize
3.4MB

MD5
78c219455fdd667d913b5b2d9042532d

SHA1
cbfbe0fd552ee04d347635ceb0597f99463fb503

SHA256
36c892deaab8f22b0567a11de9ddfa20d09b035651b06944c45e4ceb9c908c23

SHA512
c2f3f7783957a785dd05cb75fd3223fa0351f2b769cf5a5b8b81a8da2ed31c70c89bc52916939a7b6cb3c0f016cd535f8a039bdf1f4764190cb911b4f3007545

Download Submit