Analysis Overview
SHA256
1e4e8f86da10f241a293f8bdea4dd3b80b9382a36dbdb4b8c60de7d07b491509
Threat Level: No (potentially) malicious behavior was detected
The file b755e28154149bdad0f90c38c61608d4_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-17 07:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 07:14
Reported
2024-06-17 07:14
Platform
macos-20240611-en
Max time kernel
13s
Max time network
15s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118]
/bin/zsh
[/bin/zsh -c /Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118]
/Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118
[/Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118]
/bin/sh
[sh /Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118]
/bin/bash
[sh /Users/run/b755e28154149bdad0f90c38c61608d4_JaffaCakes118]
_index:2017_02HTTP/1.1
[_index:2017_02HTTP/1.1 _type:downloadsHTTP/1.1 _id:AVn6z2rWTTCFSjiwSWjjHTTP/1.1 _version:1HTTP/1.1 created:trueHTTP/1.1 200 OK ]
/usr/libexec/dmd
[/usr/libexec/dmd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 52.182.143.213:443 | | tcp |
| GB | 17.250.81.65:443 | | tcp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 23.59.171.27:443 | | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |