Analysis Overview
SHA256
59ac23b8b56f28020cb59eac6176ff138a145709d89049e067a795da0aaab5dd
Threat Level: Likely benign
The file sample was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 21:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 21:59
Reported
2024-06-10 22:01
Platform
macos-20240410-en
Max time kernel
46s
Max time network
52s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck | N/A | N/A |
| N/A | /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref | N/A | N/A |
| N/A | /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/sample.html]
/bin/zsh
[/bin/zsh -c /Users/run/sample.html]
/Users/run/sample.html
[/Users/run/sample.html]
/bin/sh
[sh /Users/run/sample.html]
/bin/bash
[sh /Users/run/sample.html]
/usr/libexec/dmd
[/usr/libexec/dmd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.2028]
/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.History]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.70D550E2-9124-4832-B768-5295CF23A223 529]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.A2525A61-F116-4A67-B53C-D1D7D5FD3A6E 529]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systempreferences.2140]
/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
[/System/Applications/System Preferences.app/Contents/MacOS/System Preferences]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountProfileRemoteViewService 570]
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
[/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService]
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
[/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool]
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
[/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool]
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
[/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck]
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
[/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref]
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
[/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool]
/usr/libexec/xpcproxy
[xpcproxy com.apple.studentd]
/usr/libexec/studentd
[/usr/libexec/studentd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nfcd]
/usr/libexec/nfcd
[/usr/libexec/nfcd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.preferences.AppleIDPrefPane.remoteservice 570]
/System/Library/PreferencePanes/AppleIDPrefPane.prefPane/Contents/XPCServices/com.apple.preferences.AppleIDPrefPane.remoteservice.xpc/Contents/MacOS/com.apple.preferences.AppleIDPrefPane.remoteservice
[/System/Library/PreferencePanes/AppleIDPrefPane.prefPane/Contents/XPCServices/com.apple.preferences.AppleIDPrefPane.remoteservice.xpc/Contents/MacOS/com.apple.preferences.AppleIDPrefPane.remoteservice]
/usr/libexec/xpcproxy
[xpcproxy com.apple.metadata.mdwrite]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.adid]
/System/Library/PrivateFrameworks/CoreADI.framework/adid
[/System/Library/PrivateFrameworks/CoreADI.framework/adid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountPolicyHelper]
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
Network
| Country | Destination | Domain | Proto |
| AU | 40.79.173.41:443 | tcp | |
| DE | 17.253.79.202:80 | tcp | |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| GB | 23.200.147.27:443 | tcp | |
| US | 8.8.8.8:53 | gspe35-ssl.ls-apple.com.akadns.net | udp |
| NL | 72.246.172.153:443 | tcp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| IE | 20.50.80.210:443 | tcp | |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | api-glb-aeuw3b.smoot.apple.com | udp |
| US | 8.8.8.8:53 | bag-cdn.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | e6858.dscx.akamaiedge.net | udp |
| BE | 23.55.96.225:443 | e6858.dscx.akamaiedge.net | tcp |
| NL | 23.209.125.27:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | setup.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | configuration.apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml
| MD5 | 9a43af57707d2fb460832049d1f217d1 |
| SHA1 | 056d813f8cb5198ca82072f7e3484f38ea5267f8 |
| SHA256 | 7224f8828694ed74a8353567e4d84da188d15a993a4a75938f8409cb49218e7c |
| SHA512 | 1f33175f5d0958c79540a627552f71c6960b6ff19c9b2b0aa604c00bfeff216f6ea2ec3a22ef91ad8d7249597fdf5ad49ddbf5f4aef71b397e785152474954d7 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 90d8ac6b9328f8e785b3f68dbffb86a6 |
| SHA1 | 919a0ab0896a4078f90e1aed665851661aac9018 |
| SHA256 | 37e1e9d0fd2756cbbd9c88881fc4772b2dc5c3c29569a76ff78aecc6abce13fc |
| SHA512 | 88189d7c591d02e0a5339e4ed52b90f3c46abc9249b726e0e840bc93631a8a1df6aeb49566e54553ab20e52a7a5e63582562342f45379f0ed38d9192d35f7a37 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 5419e383deaf9fc8f15539f4050ac2ee |
| SHA1 | 148d3d075f38bca7468fff7c7f7166d6b5e82141 |
| SHA256 | 391ce0124439a9d42f0067ecb4f48cb1a2d6210259ec37faac71f7894fa7bbf4 |
| SHA512 | 318977018bd74810ee8cebff7ac91950ff1156bcdc01b44568dc1dfab43127aa8e6571463c01d962b18e76341a55d72455ae96169c8f5d35fdc5a8500ef51121 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 22fe2f00c5eb6a633938b7b3d5d94ffa |
| SHA1 | a5ade6d013cd1e915066241d76851a67cfcf4d79 |
| SHA256 | e04ca4356e026f499f7fd3ee8737f3c44527930121e073559c96a9610b6a8be0 |
| SHA512 | cc7d54773f0702a60b833bf13450be22ac60f1fb231625e8e20725cf3a21215a45e53a64c66affd97bffb7199ba9aae7f8ea2d3eccf59d14a79fd211c28f1184 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | f8064febf9e82937a539ffd38687e034 |
| SHA1 | 897196cce331c30ac601972fac808cbb44c98bdd |
| SHA256 | 5cd0e7cec68c4a8bd8e25ccbe764cb80e2fe4c107cf39239b5142863a4d38cf1 |
| SHA512 | fcad821f31bf56d8869c0a70e0b3979c27a4a224facb8ae1265f2119811b2eb52db4e8f1db357e3facb9848a1da43812660448525348b82d3bff7e6aabe5cce3 |