Malware Analysis Report

2024-10-10 07:25

Sample ID 240611-f48ylawcpf
Target Screenshot_2.png
SHA256 7a02a9616d7fc81b412a46e036c7e562e9b86a9912a0b9202ba429da6aa774ec
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

7a02a9616d7fc81b412a46e036c7e562e9b86a9912a0b9202ba429da6aa774ec

Threat Level: No (potentially) malicious behavior was detected

The file Screenshot_2.png was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 05:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 05:26

Reported

2024-06-11 05:27

Platform

macos-20240410-en

Max time kernel

33s

Max time network

38s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/Screenshot_2.png"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/Screenshot_2.png"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/Screenshot_2.png"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/Screenshot_2.png]

/bin/zsh

[/bin/zsh -c /Users/run/Screenshot_2.png]

/Users/run/Screenshot_2.png

[/Users/run/Screenshot_2.png]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.rtcreportingd]

/usr/libexec/rtcreportingd

[/usr/libexec/rtcreportingd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

Network

Country  Destination          Domain                                   Proto
IE       17.57.146.88:5223    (none)                                   tcp
N/A      224.0.0.251:5353     (none)                                   udp
US       8.8.8.8:53           bag-cdn-lb.itunes-apple.com.akadns.net   udp
US       8.8.8.8:53           0-courier.push.apple.com                 udp
GB       17.57.146.153:5223   0-courier.push.apple.com                 tcp
GB       17.57.146.154:5223   0-courier.push.apple.com                 tcp

Files

N/A