Analysis Overview
SHA256
673b49c7beb589bbf1ad1b340b3e690b205ca55ab9841bfa55e0868bc908049f
Threat Level: Likely benign
The file macos-input-fixes-1.6.jar was found to be: Likely benign.
Malicious Activity Summary
JavaScript
Resource Forking
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-06 17:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 17:58
Reported
2024-06-06 17:58
Platform
macos-20240410-en
Max time kernel
22s
Max time network
22s
Command Line
Signatures
JavaScript
| Description | Indicator | Process | Target |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/macos-input-fixes-1.6.jar | N/A | N/A |
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Users/run/macos-input-fixes-1.6.jar"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Users/run/macos-input-fixes-1.6.jar"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Users/run/macos-input-fixes-1.6.jar]
/bin/zsh
[/bin/zsh -c open /Users/run/macos-input-fixes-1.6.jar]
/usr/bin/open
[open /Users/run/macos-input-fixes-1.6.jar]
/usr/libexec/xpcproxy
[xpcproxy com.apple.JarLauncher.1532]
/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher
[/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -jar /Users/run/macos-input-fixes-1.6.jar]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.TextInputMenuAgent]
/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.TextInputSwitcher]
/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.2:443 | tcp | |
| US | 8.8.8.8:53 | onedscolprdeus06.eastus.cloudapp.azure.com | udp |
| US | 20.42.73.25:443 | onedscolprdeus06.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |