Analysis
max time kernel: 308s
max time network: 311s
platform: macos-10.15_amd64
resource: macos-20240611-en
resource tags: arch:amd64, arch:i386, image:macos-20240611-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
submitted: 18-06-2024 20:30

Behavioral task: behavioral1
Sample: Product information_tesafilm® 57315_de-DE.pdf
Resource: macos-20240611-en

General
Target: Product information_tesafilm® 57315_de-DE.pdf
Size: 42KB
MD5: 2b9854f1c3adba336037be4cc16e8d0d
SHA1: 4723e90a21f1d253a30a06de73def2cc31a30fa5
SHA256: fe3c2e5c8d18becaa0e8e9b14b31faaeabe1cf2ee7bcc8c4e47e8c6d3a8f0f1a
SHA512: 11985a56080b2201892f4377aee644f0193b05d8afffab610fe40df6b8e8738f2c928fa2bb5b3753239539962f97b260f190684e073bbab6f6a2331166e11571
SSDEEP: 768:nPK2FXn+tr3pUpbXOsAUwi04XsWtDWL8EuILKfRY6ds8mtUb4:y2lnGlGfXrVWL8EdLcY6Gub4
Malware Config
Signatures
- Resource Forking (1 TTP, 23 IoCs)
Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
Processes (IoC):
- /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
- /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
- /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
- "/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
- /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
- /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
- /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
- /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
- /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
- /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
- /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
- /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
- /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
- /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
- "/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"
Processes (PID, nesting level, image path; the command line follows the colon where it differs from the image path)
- [PID 557, level 1] /bin/sh: sh -c "sudo /bin/zsh -c \"/Users/run/Product information_tesafilm® 57315_de-DE.pdf\""
- [PID 557, level 1] /bin/bash: sh -c "sudo /bin/zsh -c \"/Users/run/Product information_tesafilm® 57315_de-DE.pdf\""
- [PID 557, level 1] /usr/bin/sudo: sudo /bin/zsh -c "/Users/run/Product information_tesafilm® 57315_de-DE.pdf"
- [PID 559, level 2] /bin/zsh: /bin/zsh -c "/Users/run/Product information_tesafilm® 57315_de-DE.pdf"
- [PID 559, level 2] /Users/run/Product: /Users/run/Product "information_tesafilm®" 57315_de-DE.pdf
- [PID 558, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.pluginkit.pkd
- [PID 558, level 1] /usr/libexec/pkd
- [PID 564, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.sysmond
- [PID 564, level 1] /usr/libexec/sysmond
- [PID 565, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.security.cloudkeychainproxy3
- [PID 566, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.audio.systemsoundserverd
- [PID 566, level 1] /usr/sbin/systemsoundserverd
- [PID 567, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.pbs
- [PID 565, level 1] /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
- [PID 567, level 1] /System/Library/CoreServices/pbs
- [PID 569, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.audio.AudioComponentRegistrar
- [PID 569, level 1] /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar: /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon
- [PID 589, level 1] /usr/bin/pluginkit: /usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
- [PID 590, level 1] /usr/sbin/spctl: /usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater66017B75/OneDrive.app
- [PID 592, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.TextInputMenuAgent
- [PID 592, level 1] /System/Library/CoreServices/TextInputMenuAgent.app/Contents/MacOS/TextInputMenuAgent
- [PID 593, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.TextInputSwitcher
- [PID 593, level 1] /System/Library/CoreServices/TextInputSwitcher.app/Contents/MacOS/TextInputSwitcher
- [PID 594, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.systemprofiler
- [PID 594, level 1] /System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
- [PID 599, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.replayd
- [PID 599, level 1] /usr/libexec/replayd
- [PID 600, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.storedownloadd
- [PID 602, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.ReportMemoryException
- [PID 600, level 1] /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
- [PID 606, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.installd
- [PID 602, level 1] /usr/libexec/ReportMemoryException
- [PID 606, level 1] /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
- [PID 607, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.system_installd
- [PID 607, level 1] /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
- [PID 609, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.Safari.CacheDeleteExtension 597
- [PID 609, level 1] /Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
- [PID 618, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.geod
- [PID 618, level 1] /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
- [PID 619, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.geod
- [PID 619, level 1] /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
- [PID 620, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.secinitd
- [PID 620, level 1] /usr/libexec/secinitd
- [PID 622, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.AddressBook.ContactsAccountsService
- [PID 622, level 1] /System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
- [PID 623, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.routined
- [PID 623, level 1] /usr/libexec/routined: /usr/libexec/routined LAUNCHED_BY_LAUNCHD
- [PID 624, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.Maps.mapspushd
- [PID 624, level 1] /System/Library/CoreServices/mapspushd
- [PID 625, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A
- [PID 625, level 1] /usr/libexec/neagent
- [PID 627, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.systempreferences.2140
- [PID 627, level 1] /System/Applications/System Preferences.app/Contents/MacOS/System Preferences
- [PID 629, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.metadata.mdwrite
- [PID 630, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.siri.context.service
- [PID 630, level 1] /System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
- [PID 631, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.AccountProfileRemoteViewService 627
- [PID 631, level 1] /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
- [PID 633, level 1] /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
- [PID 634, level 1] /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
- [PID 636, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.studentd
- [PID 637, level 1] /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
- [PID 636, level 1] /usr/libexec/studentd
- [PID 638, level 1] /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
- [PID 639, level 1] /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
- [PID 640, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.CoreAuthentication.agent
- [PID 641, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.nfcd
- [PID 641, level 1] /usr/libexec/nfcd
- [PID 640, level 1] /System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
- [PID 642, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.preferences.softwareupdate.remoteservice 627
- [PID 642, level 1] /System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
- [PID 643, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.softwareupdated
- [PID 643, level 1] /System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
- [PID 644, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.suhelperd
- [PID 644, level 1] /System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd
- [PID 649, level 1] /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues: /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
- [PID 652, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.SoftwareUpdateNotificationManager
- [PID 652, level 1] /System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
- [PID 654, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.rtcreportingd
- [PID 654, level 1] /usr/libexec/rtcreportingd
- [PID 655, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.ReportCrash
- [PID 655, level 1] /System/Library/CoreServices/ReportCrash: /System/Library/CoreServices/ReportCrash agent
- [PID 657, level 1] /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues: /System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
- [PID 663, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.Safari.2028
- [PID 663, level 1] /Applications/Safari.app/Contents/MacOS/Safari
- [PID 664, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.Safari.History
- [PID 664, level 1] /System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
- [PID 665, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.WebKit.WebContent.DA2E99D9-2F6A-466F-9856-64FB125BDDEE 663
- [PID 665, level 1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [PID 668, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.SafariLaunchAgent
- [PID 668, level 1] /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
- [PID 669, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.akd
- [PID 669, level 1] /System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
- [PID 670, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.WebKit.WebContent.04BE9D84-D45A-4E9A-8114-B9E97ADC15DE 663
- [PID 670, level 1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [PID 671, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.Safari.SafeBrowsing.Service
- [PID 671, level 1] /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
- [PID 672, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.mediaremoted
- [PID 672, level 1] /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted
- [PID 673, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.WebKit.WebContent.64281237-A8E3-4704-A3EB-8B00EA0F3ED3 663
- [PID 673, level 1] /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
- [PID 675, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.assistantd
- [PID 675, level 1] /System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
- [PID 678, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.accessibility.mediaaccessibilityd
- [PID 678, level 1] /System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
- [PID 679, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.coremedia.videodecoder 670
- [PID 679, level 1] /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
- [PID 681, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
- [PID 681, level 1] /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
- [PID 682, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.quicklook.satellite.AF32497B-4799-421C-A27F-8EB4E23E2FBC 604
- [PID 682, level 1] /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
- [PID 685, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.DesktopServicesHelper.233DE54A-C02C-4BF9-8843-E1C12F7628AF
- [PID 685, level 1] /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- [PID 687, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.quicklook.ui.helper
- [PID 687, level 1] /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
- [PID 688, level 1] /usr/libexec/xpcproxy: xpcproxy "com.apple.xpc.launchd.oneshot.0x10000001.Archive Utility"
- [PID 688, level 1] /System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility: "/System/Library/CoreServices/Applications/Archive Utility.app/Contents/MacOS/Archive Utility" -psn_0_233529
- [PID 689, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.XprotectFramework.AnalysisService 596
- [PID 689, level 1] /System/Library/PrivateFrameworks/XprotectFramework.framework/Versions/A/XPCServices/XprotectService.xpc/Contents/MacOS/XprotectService
- [PID 690, level 1] /usr/bin/macbinary: /usr/bin/macbinary probe --verbose /Users/run/Desktop/payload.zip
- [PID 691, level 1] /usr/bin/file: /usr/bin/file -b /Users/run/Desktop/payload.zip
- [PID 692, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.archiveutility.auhelperservice 688
- [PID 692, level 1] /System/Library/CoreServices/Applications/Archive Utility.app/Contents/XPCServices/AUHelperService.xpc/Contents/MacOS/AUHelperService
- [PID 693, level 1] /System/Library/Frameworks/FileProvider.framework/XPCServices/ArchiveService.xpc/Contents/MacOS/ArchiveService
- [PID 694, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.appkit.xpc.sandboxedServiceRunner 688
- [PID 694, level 1] /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedServiceRunner.xpc/Contents/MacOS/SandboxedServiceRunner
- [PID 695, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.DesktopServicesHelper.B1A0E531-4B91-4804-AF93-96D7472736C5
- [PID 695, level 1] /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- [PID 696, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.DesktopServicesHelper.4C3D6614-91CE-4E12-89BA-605AF628BD36
- [PID 696, level 1] /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- [PID 697, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.DesktopServicesHelper.3FFA618A-42D2-4956-AB5C-B5D2ACC31778
- [PID 697, level 1] /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- [PID 698, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.DesktopServicesHelper.3C38E088-8AF2-4D1D-9594-AD70CB2CFA40
- [PID 698, level 1] /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
- [PID 705, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.systempreferences.2140
- [PID 705, level 1] /System/Applications/System Preferences.app/Contents/MacOS/System Preferences
- [PID 706, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.AccountProfileRemoteViewService 705
- [PID 706, level 1] /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
- [PID 707, level 1] /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
- [PID 708, level 1] /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
- [PID 709, level 1] /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
- [PID 710, level 1] /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
- [PID 711, level 1] /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
- [PID 713, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.PerformanceAnalysis.animationperfd
- [PID 713, level 1] /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
- [PID 714, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.preferences.sharing.remoteservice 705
- [PID 714, level 1] /System/Library/PreferencePanes/SharingPref.prefPane/Contents/XPCServices/com.apple.preferences.sharing.remoteservice.xpc/Contents/MacOS/com.apple.preferences.sharing.remoteservice
- [PID 715, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.systemadministration.writeconfig
- [PID 715, level 1] /System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig
- [PID 716, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.AssetCacheManagerService
- [PID 716, level 1] /System/Library/PrivateFrameworks/AssetCacheServicesExtensions.framework/XPCServices/AssetCacheManagerService.xpc/Contents/MacOS/AssetCacheManagerService
- [PID 717, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.preferences.sharing.SharingPrefsExtension 714
- [PID 717, level 1] /System/Library/PrivateFrameworks/AMPSharing.framework/Versions/A/PlugIns/SharingPrefsExtension.appex/Contents/MacOS/SharingPrefsExtension
- [PID 718, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.preferences.sharing.SharingBluetoothService 714
- [PID 718, level 1] /System/Library/PrivateFrameworks/PreferencePanesSupport.framework/PlugIns/SharingBluetoothService.appex/Contents/MacOS/SharingBluetoothService
- [PID 719, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.spindump
- [PID 719, level 1] /usr/sbin/spindump
- [PID 722, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.tailspind
- [PID 722, level 1] /usr/libexec/tailspind
- [PID 723, level 1] /usr/libexec/xpcproxy: xpcproxy com.apple.spindump_agent
- [PID 723, level 1] /usr/libexec/spindump_agent
MITRE ATT&CK Enterprise v15
Downloads