Malware Analysis Report

2024-10-10 07:17

Sample ID 240611-wetqdawapm
Target Notion-3.9.0-universal.dmg
SHA256 94ce445711fc5b36f2b25b8a5fa3c4832418bf06e4883ba0bbb1725e97f7b99c
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

94ce445711fc5b36f2b25b8a5fa3c4832418bf06e4883ba0bbb1725e97f7b99c

Threat Level: No (potentially) malicious behavior was detected

The file Notion-3.9.0-universal.dmg was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 17:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 17:50

Reported

2024-06-11 17:54

Platform

macos-20240410-en

Max time kernel

119s

Max time network

124s

Command Line

[sh -c sudo /bin/zsh -c "open /Volumes/Notion/Notion.app"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "open /Volumes/Notion/Notion.app"]

/bin/bash

[sh -c sudo /bin/zsh -c "open /Volumes/Notion/Notion.app"]

/usr/bin/sudo

[sudo /bin/zsh -c open /Volumes/Notion/Notion.app]

/bin/zsh

[/bin/zsh -c open /Volumes/Notion/Notion.app]

/usr/bin/open

[open /Volumes/Notion/Notion.app]

/usr/libexec/xpcproxy

[xpcproxy notion.id.2308]

/Volumes/Notion/Notion.app/Contents/MacOS/Notion

[/Volumes/Notion/Notion.app/Contents/MacOS/Notion]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputMenuAgent]

/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent

[/System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.TextInputSwitcher]

/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher

[/System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher]

/usr/libexec/xpcproxy

[xpcproxy com.apple.suggestd]

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.tailspind]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/tailspind

[/usr/libexec/tailspind]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

Network

Country Destination Domain Proto
US 20.189.173.2:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.73.25:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A