99cc342db4753a09ad51f134ce410c173902b75ba0b43cea4b3137c5d1eb1f25

Resubmissions

20/05/2024, 16:44 UTC

240520-t8984sab7t 3

20/05/2024, 16:44 UTC

240520-t81dxaab6s 1

Analysis

max time kernel
377s
max time network
1582s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
20/05/2024, 16:44 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_805d2a74-e62c-475c-ad85-d58f84e13f78.jpg
Size

177KB
MD5

7fac20a1d8d0b90e70ac476d473da631
SHA1

cf2bef992baa290e642ece9d9abb78c51137a72c
SHA256

99cc342db4753a09ad51f134ce410c173902b75ba0b43cea4b3137c5d1eb1f25
SHA512

fe5f40684053c31f9f3bbb43a6ad4c453c7a42cc43b4c4816bddb519405e2335af4c4e734fce0f3d5fbe7a2630924a1785ab8d40081704f9ba9fcbce31a4c1a1
SSDEEP

3072:FXIfbrx8PcyO0sdV1YNoc4oDZoqYHXpZjo57/9/WF8zOB58t6ABFrmxd:F4HCNO0sdr4mtZZCtmIbi

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/_805d2a74-e62c-475c-ad85-d58f84e13f78.jpg\""
1⤵
PID:485

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/_805d2a74-e62c-475c-ad85-d58f84e13f78.jpg\""
1⤵
PID:485

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/_805d2a74-e62c-475c-ad85-d58f84e13f78.jpg
1⤵
PID:485
- /bin/zsh
  /bin/zsh -c /Users/run/_805d2a74-e62c-475c-ad85-d58f84e13f78.jpg
  2⤵
  PID:488
- /Users/run/_805d2a74-e62c-475c-ad85-d58f84e13f78.jpg
  /Users/run/_805d2a74-e62c-475c-ad85-d58f84e13f78.jpg
  2⤵
  PID:488

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:533

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:533

/usr/libexec/xpcproxy
xpcproxy com.apple.diagnosticd
1⤵
PID:534

/usr/libexec/diagnosticd
/usr/libexec/diagnosticd
1⤵
PID:534

Network

DNS

bag-cdn-lb.itunes-apple.com.akadns.net

Remote address:

8.8.8.8:53

Request

bag-cdn-lb.itunes-apple.com.akadns.net

IN A

Response

bag-cdn-lb.itunes-apple.com.akadns.net

IN CNAME

h3.apis.apple.map.fastly.net

h3.apis.apple.map.fastly.net

IN A

151.101.3.6

h3.apis.apple.map.fastly.net

IN A

151.101.67.6

h3.apis.apple.map.fastly.net

IN A

151.101.131.6

h3.apis.apple.map.fastly.net

IN A

151.101.195.6
GET

http://ocsp.apple.com/ocsp03-asi2ca02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDpjNYC91gD%2BzsNfJ0wP9wrPSi8lBBQSdXxHkv2D474u%2FFl%2FZ0OBNRBF7AIIR5uTR%2BogEsU%3D

Remote address:

17.253.77.201:80

Request

GET /ocsp03-asi2ca02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDpjNYC91gD%2BzsNfJ0wP9wrPSi8lBBQSdXxHkv2D474u%2FFl%2FZ0OBNRBF7AIIR5uTR%2BogEsU%3D HTTP/1.1
Host: ocsp.apple.com
Accept: */*
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: com.apple.trustd/2.0

Response

HTTP/1.1 200 OK

Server: Apple
Date: Mon, 20 May 2024 18:10:29 GMT
Content-Type: application/ocsp-response
Content-Length: 2559
Last-Modified: Mon, 20 May 2024 18:10:29 GMT
Via: http/1.1 gbmnc1-edge-lx-001.ts.apple.com (acdn/153.14426), http/1.1 gbmnc1-edge-bx-007.ts.apple.com (acdn/153.14426)
X-Cache: hit-fresh, hit-fresh
CDNUUID: 64951e89-84fa-497b-bcdc-f91d86986eea-7260921961
Etag: "c98d22c3594c5b8e3cc681e04cc1579dabeea82f"
Expires: Tue, 21 May 2024 05:10:29 GMT
Age: 2372
Connection: keep-alive
DNS

5-courier.push.apple.com

Remote address:

8.8.8.8:53

Request

5-courier.push.apple.com

IN A

Response

5-courier.push.apple.com

IN CNAME

5.courier-push-apple.com.akadns.net

5.courier-push-apple.com.akadns.net

IN CNAME

gb-courier-4.push-apple.com.akadns.net

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.152

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.148

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.151

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.155

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.154

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.153

gb-courier-4.push-apple.com.akadns.net

IN A

17.57.146.150
DNS

lb._dns-sd._udp.0.0.127.10.in-addr.arpa

Remote address:

8.8.8.8:53

Request

lb._dns-sd._udp.0.0.127.10.in-addr.arpa

IN PTR

Response
DNS

lb._dns-sd._udp.0.0.127.10.in-addr.arpa

Remote address:

8.8.8.8:53

Request

lb._dns-sd._udp.0.0.127.10.in-addr.arpa

IN PTR

Response

17.253.77.201:80

http://ocsp.apple.com/ocsp03-asi2ca02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDpjNYC91gD%2BzsNfJ0wP9wrPSi8lBBQSdXxHkv2D474u%2FFl%2FZ0OBNRBF7AIIR5uTR%2BogEsU%3D

http

677 B
3.4kB
7
6

HTTP Request

GET http://ocsp.apple.com/ocsp03-asi2ca02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFDpjNYC91gD%2BzsNfJ0wP9wrPSi8lBBQSdXxHkv2D474u%2FFl%2FZ0OBNRBF7AIIR5uTR%2BogEsU%3D

HTTP Response

200
17.57.146.88:5223

tls

3.9kB
17
17.57.146.148:5223

5-courier.push.apple.com

104 B
60 B
2
1
17.57.146.151:5223

5-courier.push.apple.com

104 B
60 B
2
1

8.8.8.8:53

bag-cdn-lb.itunes-apple.com.akadns.net

dns

84 B
187 B
1
1

DNS Request

bag-cdn-lb.itunes-apple.com.akadns.net

DNS Response

151.101.3.6

151.101.67.6

151.101.131.6

151.101.195.6
224.0.0.251:5353

587 B
2
8.8.8.8:53

5-courier.push.apple.com

dns

70 B
269 B
1
1

DNS Request

5-courier.push.apple.com

DNS Response

17.57.146.152

17.57.146.148

17.57.146.151

17.57.146.155

17.57.146.154

17.57.146.153

17.57.146.150
8.8.8.8:53

lb._dns-sd._udp.0.0.127.10.in-addr.arpa

dns

170 B
170 B
2
2

DNS Request

lb._dns-sd._udp.0.0.127.10.in-addr.arpa

DNS Request

lb._dns-sd._udp.0.0.127.10.in-addr.arpa

Windows 7 deprecation

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

Loading Replay Monitor...

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.