Analysis Overview
SHA256
cd8caaef7fc2ec4507f9a71bdb5e2cad3538a7e0fe1a05ae38c8322b5bd42b8c
Threat Level: Likely benign
The file curseforge-latest.dmg was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 18:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 18:41
Reported
2024-06-11 18:45
Platform
macos-20240410-en
Max time kernel
17s
Max time network
68s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Volumes/CurseForge\ 1.251.0-0-universal/CurseForge.app"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Volumes/CurseForge\ 1.251.0-0-universal/CurseForge.app"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Volumes/CurseForge\ 1.251.0-0-universal/CurseForge.app]
/bin/zsh
[/bin/zsh -c open /Volumes/CurseForge\ 1.251.0-0-universal/CurseForge.app]
/usr/bin/open
[open /Volumes/CurseForge 1.251.0-0-universal/CurseForge.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.overwolf.curseforge.2300]
/Volumes/CurseForge 1.251.0-0-universal/CurseForge.app/Contents/MacOS/CurseForge
[/Volumes/CurseForge 1.251.0-0-universal/CurseForge.app/Contents/MacOS/CurseForge]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.DesktopServicesHelper.6C9CDE86-2721-41BB-9190-916A90BC0DB4]
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
Network
| Country | Destination | Domain | Proto |
| AU | 40.79.173.41:443 | | tcp |
| DE | 17.253.79.202:80 | | tcp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |