Analysis Overview
Threat Level: Likely benign
The URL https://www.youtube.com/watch?v=1JBjTvn4QY8 was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 12:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 12:40
Reported
2024-06-11 12:44
Platform
macos-20240410-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
Resource Forking
Note: all three indicators are executables launched from a bundle's Contents/Resources directory. Two are Apple system components under SIP-protected /System paths; the third is Oracle's Java Updater under /Library/Internet Plug-Ins, the one hit a reviewer would confirm with a code-signature check. On its own this signature does not contradict the Likely benign verdict.
| Description | Indicator | Process | Target |
| N/A | /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid | N/A | N/A |
Processes
/usr/libexec/xpcproxy
[xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer]
/usr/libexec/xpcproxy
[xpcproxy com.apple.gkreport]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/usr/libexec/gkreport
[/usr/libexec/gkreport]
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=1JBjTvn4QY8"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=1JBjTvn4QY8"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=1JBjTvn4QY8]
/usr/libexec/xpcproxy
[xpcproxy com.oracle.java.Java-Updater]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systemstats.daily]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=1JBjTvn4QY8]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AppStore.1900]
/System/Applications/App Store.app/Contents/MacOS/App Store
[/System/Applications/App Store.app/Contents/MacOS/App Store]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storeuid]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storeuid.app/Contents/MacOS/storeuid]
/usr/libexec/xpcproxy
[xpcproxy com.apple.rtcreportingd]
/usr/libexec/rtcreportingd
[/usr/libexec/rtcreportingd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.accessibility.mediaaccessibilityd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.coremedia.videodecoder 510]
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
[/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd]
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
[/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerformanceAnalysis.animationperfd]
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Notes.1736]
/System/Applications/Notes.app/Contents/MacOS/Notes
[/System/Applications/Notes.app/Contents/MacOS/Notes]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.2028]
/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.History]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.2F9BCFC4-5965-47D5-91F7-4F98E060FD82 546]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.CFDA6F1A-8E6F-4FA4-BD3A-1EA14926A470 546]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SearchHelper 546]
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.SafeBrowsing.Service]
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
[/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.A38C565B-0499-4B9D-AF66-68CA6E655C92 546]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.SandboxHelper 553]
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
[/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.WebKit.WebContent.010DF6F5-D70E-482C-B4A3-5B34B7648118 546]
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
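The process list above mixes the sandbox's own launcher chain (sh, sudo, zsh opening Chrome with a flag that silences its update prompt) with Apple background services and a few third-party binaries. The following script is an added example, not the sandbox vendor's tooling: it parses the report's path / [argv] line pairs, recovers the submitted URL from the harness command line, and lists the executables outside SIP-protected paths that would need a codesign or spctl check on a real host. The SIP prefix list and the harness marker are this example's assumptions; the sample input is a verbatim subset of the Processes section.

```python
"""Triage the Processes section of a macOS URL detonation report.

Added example, not the sandbox vendor's code. Separates the sandbox
launcher chain, Apple binaries under SIP-protected paths, and everything
else (which on a real host gets a signature check before being dismissed).
"""
import re
from collections import Counter

# Subset of the Processes section of the report, copied verbatim (not the full list).
SAMPLE = r"""
/usr/libexec/xpcproxy
[xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=1JBjTvn4QY8"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=1JBjTvn4QY8]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.youtube.com/watch?v=1JBjTvn4QY8]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/Applications/Safari.app/Contents/MacOS/Safari
[/Applications/Safari.app/Contents/MacOS/Safari]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
""".strip("\n")

# The sandbox opens the submitted URL with Chrome and passes this flag to
# silence the update nag; any argv carrying it belongs to the harness.
HARNESS_MARKER = "--simulate-outdated-no-au"

# Path prefixes System Integrity Protection keeps read-only. Assumption for this
# example: the standard rootless set; /usr/local is excluded below, and Safari.app
# is protected despite living in /Applications.
SIP_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/",
                "/Applications/Safari.app/")
URL_RE = re.compile(r"https?://[^\s\"'\]]+")


def parse_processes(text):
    """Turn alternating 'path' / '[argv]' lines into dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of lines: a path is missing its [argv]")
    procs = []
    for path, argv in zip(lines[::2], lines[1::2]):
        if not (argv.startswith("[") and argv.endswith("]")):
            raise ValueError(f"expected [argv] after {path!r}, got {argv!r}")
        procs.append({"path": path, "argv": argv[1:-1]})
    return procs


def category(proc):
    """harness | xpcproxy | system | third-party."""
    path, argv = proc["path"], proc["argv"]
    if HARNESS_MARKER in argv:
        return "harness"
    if path == "/usr/libexec/xpcproxy":
        # launchd trampoline; the service it execs appears as its own entry
        return "xpcproxy"
    if path.startswith("/usr/local/"):
        return "third-party"
    if path.startswith(SIP_PREFIXES):
        return "system"
    return "third-party"


def classify(procs):
    """Count processes per category."""
    return Counter(category(p) for p in procs)


def detonation_url(procs):
    """Recover the submitted URL from the harness command line."""
    for p in procs:
        if HARNESS_MARKER in p["argv"]:
            m = URL_RE.search(p["argv"])
            if m:
                return m.group(0)
    return None


def needs_signature_check(procs):
    """Executables outside SIP paths: verify their signature on a real host."""
    return sorted({p["path"] for p in procs if category(p) == "third-party"})


if __name__ == "__main__":
    procs = parse_processes(SAMPLE)
    print("submitted URL:", detonation_url(procs))
    for cat, n in sorted(classify(procs).items()):
        print(f"{cat:12s} {n}")
    for path in needs_signature_check(procs):
        print("verify signature:", path)
```

On the sample the only third-party executable is the Java Updater, which matches the third Resource Forking indicator; the Chrome launch chain is the harness, not activity of the URL itself.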
Network
| Country | Destination | Domain | Proto |
| DE | 20.52.64.201:443 | | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | apps.mzstatic.com | udp |
| US | 8.8.8.8:53 | s.mzstatic.com | udp |
| GB | 2.21.188.28:443 | s.mzstatic.com | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | play.itunes.apple.com | udp |
| BE | 23.14.90.74:443 | play.itunes.apple.com | tcp |
| US | 8.8.8.8:53 | buy.itunes.apple.com | udp |
| US | 17.156.128.10:443 | buy.itunes.apple.com | tcp |
| US | 8.8.8.8:53 | sf-api-token-service.itunes.apple.com | udp |
| BE | 23.55.96.25:443 | sf-api-token-service.itunes.apple.com | tcp |
| US | 8.8.8.8:53 | amp-api-edge.apps.apple.com | udp |
| BE | 23.14.90.112:443 | amp-api-edge.apps.apple.com | tcp |
| US | 8.8.8.8:53 | is1-ssl.mzstatic.com | udp |
| US | 8.8.8.8:53 | apptrailers.itunes.apple.com | udp |
| US | 8.8.8.8:53 | amp-api.apps.apple.com | udp |
| BE | 23.55.96.123:443 | amp-api.apps.apple.com | tcp |
| GB | 17.253.77.201:80 | apptrailers.itunes.apple.com | tcp |
| US | 8.8.8.8:53 | search.itunes.apple.com | udp |
| GB | 17.250.81.67:443 | | tcp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| IE | 17.57.146.88:5223 | | tcp |
| US | 8.8.8.8:53 | e6858.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1806.dscw154.akamai.net | udp |
| BE | 23.14.90.74:443 | a1806.dscw154.akamai.net | tcp |
| GB | 17.253.77.202:80 | mesu-cdn.origin-apple.com.akadns.net | tcp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | api-glb-aeuw3b.smoot.apple.com | udp |
| US | 8.8.8.8:53 | gateway.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | cdn2.smoot.apple.com | udp |
| US | 8.8.8.8:53 | cdn.smoot.apple.com | udp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | rr1---sn-q4fzen7y.googlevideo.com | udp |
| US | 8.8.8.8:53 | itunes.apple.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | rr4---sn-hgn7rnls.googlevideo.com | udp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.169.74:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| DE | 51.116.246.105:443 | | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | e17437.dsct.akamaiedge.net | udp |
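The network table interleaves DNS queries, the traffic that follows from opening the YouTube URL, Apple and Microsoft background services, and a handful of connections the report never attributes to a name. The script below is an added example, not the sandbox vendor's code: it parses the table as extracted (including rows where no name resolved and the protocol landed in the Domain column), attributes each endpoint, and isolates the unattributed IPs, the only group that needs a passive-DNS or WHOIS lookup before the verdict is accepted. The zone lists and the use of Apple's 17.0.0.0/8 allocation are this example's assumptions; the sample input is a subset of the table above.

```python
"""Attribute the Network section of a macOS URL detonation report.

Added example, not the sandbox vendor's code. Sorts every row into DNS
queries, traffic caused by the submitted URL, vendor background traffic,
link-local chatter, or unattributed IPs that need a manual lookup.
"""
import ipaddress

# Subset of the Network table of the report, copied as extracted (not the full table).
NETWORK = """\
| Country | Destination | Domain | Proto |
| DE | 20.52.64.201:443 | tcp | |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| GB | 2.21.188.28:443 | s.mzstatic.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| FR | 173.194.18.9:443 | rr4---sn-hgn7rnls.googlevideo.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| IE | 17.57.146.88:5223 | tcp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| DE | 51.116.246.105:443 | tcp | |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
"""

# Zone lists are this example's assumptions, chosen for a YouTube URL detonation.
ZONES = {
    "target-url": ("youtube.com", "googlevideo.com", "ytimg.com",
                   "doubleclick.net", "google.com", "googleapis.com"),
    "apple-background": ("apple.com", "mzstatic.com", "apple-dns.net",
                         "akamaiedge.net", "akamai.net", "akadns.net",
                         "apis.apple.map.fastly.net"),
    "microsoft-background": ("trafficmanager.net",),
}
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # Apple's own allocation


def parse_network(table):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and proto == "":
            domain, proto = "", domain  # unresolved row: columns shifted left
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def in_zone(name, zone):
    """Dot-bounded suffix match so 'notyoutube.com' does not match 'youtube.com'."""
    return name == zone or name.endswith("." + zone)


def attribute(row):
    if row["port"] == 53 and row["proto"] == "udp":
        return "dns-query"
    addr = ipaddress.ip_address(row["ip"])
    if addr.is_multicast or addr.is_private or addr.is_loopback:
        return "local"
    for cat, zones in ZONES.items():
        if row["domain"] and any(in_zone(row["domain"], z) for z in zones):
            return cat
    if addr in APPLE_NET:
        return "apple-background"
    return "unattributed"


def summarize(rows):
    """Category -> sorted unique endpoints (the DNS category lists query names)."""
    out = {}
    for r in rows:
        cat = attribute(r)
        if cat == "dns-query":
            item = r["domain"]
        else:
            item = f"{r['ip']}:{r['port']}"
            if r["domain"]:
                item += f" ({r['domain']})"
        out.setdefault(cat, set()).add(item)
    return {cat: sorted(items) for cat, items in out.items()}


if __name__ == "__main__":
    for cat, items in sorted(summarize(parse_network(NETWORK)).items()):
        print(cat)
        for item in items:
            print("   ", item)
```

For the sample the unattributed group is 20.52.64.201:443 and 51.116.246.105:443; the 17.57.146.88:5223 connection falls to Apple by address even though no name resolved for it.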
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.AppStore//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.AppStore//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Application Support/CrashReporter/DiagnosticMessagesHistory.plist
| MD5 | 64e24aa2b0d5b85b780cb77e1e897ef0 |
| SHA1 | 84323a362065a8b056529f870a84551b2b90dc6d |
| SHA256 | 8b5b32f6ac5457ee19637e1157d58bf9cf020a12c35c28df9e0a6527b871435f |
| SHA512 | f2d99417c296aa78485c2f39602907401773d07b6b650a861db9dc3e6bbbc0c054465ca35400273dfcc18eec8151f4076e4276ca9fffff5cdedb483616f6bb0f |
/Users/run/Library/Safari/Favicon Cache/favicons/3EA0938D21D7307A80C51683148DA646
| MD5 | f00ffb858024f95fbde9c8ef2a62c4bc |
| SHA1 | ca0fc41d59a2d8bd769f2376d1fd828912bb3c76 |
| SHA256 | 0a3ba6c9348a3d6a485cb00c88ad6b04be11e61d9c0150558003e9f8502939c3 |
| SHA512 | 1a666cbd95a5c09f30c862dbabe6784ca87856d23ef0d2a289bc94eb991aea268b39d423fc317bd00b7e9816a45f8bd5df2ca75b24361a203f64a7bf0ff51fbf |
/Users/run/Library/Safari/Favicon Cache/favicons/636B42BE83A264A0D007C5C1F135EA8E
| MD5 | 80f7367cb52983d2b58c2570460a9e9b |
| SHA1 | 8b1020b84f2c57bc43c0b0e504529fbd176fc694 |
| SHA256 | d7dd223f488a3dc314edecff758abc774093909d8cdaabb5c6b3f5a84a6f4be7 |
| SHA512 | ec16f486883b31551597eaa82406989c159a5e186ec33fcc8fbc85093d1ac758bfab065a9a8f91ef3087456cc2a0b2b097dbb074f567280f5ccf8f3838eaceb3 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression
| MD5 | 34899fd0f8532a91b643945f8a0f6241 |
| SHA1 | 29e6263ea3cc01e616f491e770905fa6b00b1ad9 |
| SHA256 | b09cc856b632a1a7f9e8b363b9b0110f143b6c521cc4889502fd068719141d44 |
| SHA512 | 12ab02108d7ae5bbdc6a075c8f804d5f7e0e5b12aafdea59fa8124bd1012d84cb85ab3b7b796f2b84a5de00a44e7f80304692647bdbf738690998a5b3b1bbf5c |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression
| MD5 | daba85e31ad497f6b39164dd74dcc672 |
| SHA1 | f88fd2cb0a15cafbebf41c56157e344adb7a6373 |
| SHA256 | 0f0b596458a3f80eb46293f32ef3dcc47fb32bc70ad541fbf693efa2e252da90 |
| SHA512 | 9c3d4aa00c85523b15f975fe44971710a6fa653190419eb5774be77e4f779c5e1d322618b06c43bbf2382c938070b7321c8edeb5ba086edcabdb78941a0ea364 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression
| MD5 | 23ca63afc2e82a3130cee8240dc30743 |
| SHA1 | 5ea2a8ef7fd506861941fa7ec19bb146f82ad336 |
| SHA256 | fb3d9e9b55f7faafefe5e6b7c865ca989d95ddf4d46891903aea40864c63c9b8 |
| SHA512 | a1da25f1281c0c71fe9e67def5d7201da4295ff723d5edc1422e0a0fe09d6ec1b8a09a68f0c5206cc0fef596d365572e9680924567f81dbf207ce16eb17f487a |