Malware Analysis Report

2024-10-10 07:18

Sample ID 240610-zq7m6azdme
Target grass.obj
SHA256 807e303bfdf9cd41efb38cbf4670fe86e789a01ca9d04648eec827cc1adc50db
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

807e303bfdf9cd41efb38cbf4670fe86e789a01ca9d04648eec827cc1adc50db

Threat Level: No (potentially) malicious behavior was detected

Verdict for grass.obj: no (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-10 20:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 20:56

Reported

2024-06-10 20:57

Platform

macos-20240410-en

Max time kernel

24s

Max time network

27s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/grass.obj"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/grass.obj"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/grass.obj"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/grass.obj]

/bin/zsh

[/bin/zsh -c /Users/run/grass.obj]

/Users/run/grass.obj

[/Users/run/grass.obj]

/bin/sh

[sh /Users/run/grass.obj]

/bin/bash

[sh /Users/run/grass.obj]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextEdit.2092]

/System/Applications/TextEdit.app/Contents/MacOS/TextEdit

[/System/Applications/TextEdit.app/Contents/MacOS/TextEdit]

/usr/libexec/xpcproxy

[xpcproxy com.apple.appkit.xpc.openAndSavePanelService 543]

/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService

[/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.quicklook.QuickLookUIService 548]

/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService

[/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService]

/usr/libexec/od_user_homes

[/usr/libexec/od_user_homes .localized]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

Network

Country  Destination         Domain                                        Proto
US       8.8.8.8:53          e6858.dscx.akamaiedge.net                     udp
N/A      224.0.0.251:5353    -                                             udp
US       8.8.8.8:53          b._dns-sd._udp.0.0.127.10.in-addr.arpa        udp
US       8.8.8.8:53          db._dns-sd._udp.0.0.127.10.in-addr.arpa       udp
US       8.8.8.8:53          bag-cdn-lb.itunes-apple.com.akadns.net        udp

Files

/private/var/db/spindump/tailspin-trace.2024-06-10_20-56-20.tailspin

MD5 be9a878fa5584fd4a288211ca3675e8e
SHA1 743498abdfdb10fd284d8a28908ad3e452a8b55a
SHA256 89cc5e007895f9e9bf869e4b82475aeb2ea814a6556be2811988ada73cede4e9
SHA512 7215496a1d16bd4502f8566f3d6a760827b83bc5c136c6f620df8a14ca8d5b8f9926e5e380e8e52045886d9fd68a23607c3ad2411320550968c442f99045d993