Analysis Overview
SHA256
807e303bfdf9cd41efb38cbf4670fe86e789a01ca9d04648eec827cc1adc50db
Threat Level: No (potentially) malicious behavior was detected
The file grass.obj was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-10 20:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 20:56
Reported
2024-06-10 20:57
Platform
macos-20240410-en
Max time kernel
24s
Max time network
27s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/grass.obj"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/grass.obj"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/grass.obj]
/bin/zsh
[/bin/zsh -c /Users/run/grass.obj]
/Users/run/grass.obj
[/Users/run/grass.obj]
/bin/sh
[sh /Users/run/grass.obj]
/bin/bash
[sh /Users/run/grass.obj]
/usr/libexec/xpcproxy
[xpcproxy com.apple.TextEdit.2092]
/System/Applications/TextEdit.app/Contents/MacOS/TextEdit
[/System/Applications/TextEdit.app/Contents/MacOS/TextEdit]
/usr/libexec/xpcproxy
[xpcproxy com.apple.appkit.xpc.openAndSavePanelService 543]
/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService
[/System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/com.apple.appkit.xpc.openAndSavePanelService.xpc/Contents/MacOS/com.apple.appkit.xpc.openAndSavePanelService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.quicklook.QuickLookUIService 548]
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService
[/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/XPCServices/QuickLookUIService.xpc/Contents/MacOS/QuickLookUIService]
/usr/libexec/od_user_homes
[/usr/libexec/od_user_homes .localized]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | e6858.dscx.akamaiedge.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
Files
/private/var/db/spindump/tailspin-trace.2024-06-10_20-56-20.tailspin
| MD5 | be9a878fa5584fd4a288211ca3675e8e |
| SHA1 | 743498abdfdb10fd284d8a28908ad3e452a8b55a |
| SHA256 | 89cc5e007895f9e9bf869e4b82475aeb2ea814a6556be2811988ada73cede4e9 |
| SHA512 | 7215496a1d16bd4502f8566f3d6a760827b83bc5c136c6f620df8a14ca8d5b8f9926e5e380e8e52045886d9fd68a23607c3ad2411320550968c442f99045d993 |