Malware Analysis Report

2024-10-24 21:57

Sample ID 240606-wj81vsae88
Target macos-input-fixes-1.6.jar
SHA256 673b49c7beb589bbf1ad1b340b3e690b205ca55ab9841bfa55e0868bc908049f
Tags: evasion, execution
Score: 4/10

Analysis Overview

Score: 4/10

SHA256: 673b49c7beb589bbf1ad1b340b3e690b205ca55ab9841bfa55e0868bc908049f

Threat Level: Likely benign

The file macos-input-fixes-1.6.jar was found to be: Likely benign.

Malicious Activity Summary

Tags: evasion, execution
Signatures: JavaScript, Resource Forking

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 17:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 17:58

Reported

2024-06-06 17:58

Platform

macos-20240410-en

Max time kernel

22s

Max time network

22s

Command Line

[sh -c sudo /bin/zsh -c "open /Users/run/macos-input-fixes-1.6.jar"]

Signatures

JavaScript (execution)

  Description: N/A
  Indicator:   "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/macos-input-fixes-1.6.jar
  Process:     N/A
  Target:      N/A

Resource Forking (evasion)

  Description: N/A
  Indicator:   /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
  Process:     N/A
  Target:      N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "open /Users/run/macos-input-fixes-1.6.jar"]

/bin/bash

[sh -c sudo /bin/zsh -c "open /Users/run/macos-input-fixes-1.6.jar"]

/usr/bin/sudo

[sudo /bin/zsh -c open /Users/run/macos-input-fixes-1.6.jar]

/bin/zsh

[/bin/zsh -c open /Users/run/macos-input-fixes-1.6.jar]

/usr/bin/open

[open /Users/run/macos-input-fixes-1.6.jar]

/usr/libexec/xpcproxy

[xpcproxy com.apple.JarLauncher.1532]

/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher

[/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher]

/usr/libexec/xpcproxy

[xpcproxy com.apple.metadata.mdwrite]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -jar /Users/run/macos-input-fixes-1.6.jar]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputMenuAgent]

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent

[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputSwitcher]

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher

[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

Network

Country  Destination        Domain                                       Proto
US       20.189.173.2:443   -                                            tcp
US       8.8.8.8:53         onedscolprdeus06.eastus.cloudapp.azure.com   udp
US       20.42.73.25:443    onedscolprdeus06.eastus.cloudapp.azure.com   tcp
US       8.8.8.8:53         bag-cdn-lb.itunes-apple.com.akadns.net       udp

Files

N/A