Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-11 06:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 06:46
Reported
2024-06-11 06:48
Platform
macos-20240410-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://in.vipliangmei.com/clk?el=ax&ct2=&ec=p86YiJ7X-hpOoJisn2haYW94g-CgN1BAn6smbMgLDwFiTlfpcIX0bwjr5m0n0_4EHwVmmEMuWhRKB519B48FjM8T9j0csepY09nWT3_3BDu1SegD3mCN5EK4HVpf5hnjeKXf5dUM1UJ7X3YqlMM6al49UVBPk6mxXvBk7Ur19478bVXJUfcPP7nOU1yU5Z7hwQF1-MPVFhKjy-jd_yH0mbWJ1MlZLEpHT8FtPgv00oBZ-yyCvfX07sljqJAyuzA0zsQIPVjKWxKlmDMFiVtUhY3GfBpQ6KZcE77HRjygz05OahCp5dij2JfCBLHJUaDTyOuhI_EfYTtwj6pE6QS-wf4xsZlHqIr_HWBlDkub3BNqWFaATh6RikgUJX-9CdH99zzeX3IBQitnKh0zDGmGgUxmr44doMohPGF84TtpYQhyOWTXQegHiN0KdIB-818MjEDy-JF0qee38d4TGQTrIFM23lM43xmz9Ugc0MiWsrnGKSJmWfUse_SJImPrdqxaUsjYupYDJs4sv7kf_624azKoQha_YvM3bo6ktDrVWLB97VrUHWfErGnyfNRkq1g_eZ676-Ih_MUMiz4EVqFe&rd=https%3A%2F%2Fwww.farfetch.cn&x=cb_down_x&y=cb_down_y&ux=cb_up_x&uy=cb_up_y&uxabs=cb_aup_x&uyabs=cb_aup_y&rw=640&rh=100&tm=1718062545074&tms=__clk_time_s__&dpx=__dp_clk_x__&dpy=__dp_clk_y__&dpux=__dp_clk_up_x__&dpuy=__dp_clk_up_y__&dprw=__DP_WIDTH__&dprh=__DP_HEIGHT__&macros=a_b_c_d_e_f]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| DE | 20.52.64.201:443 | | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| GB | 17.250.81.67:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| DE | 51.116.246.105:443 | | tcp |