Analysis

  • max time kernel
    39s
  • max time network
    52s
  • platform
    macos-10.15_amd64
  • resource
    macos-20240611-en
  • resource tags
    arch:amd64, arch:i386, image:macos-20240611-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
  • submitted
    19-06-2024 11:22

General

  • Target

    AudioSlicer-1.1.1.dmg

  • Size

    938KB

  • MD5

    496cc2994ab31e703ceeff2083aa9b7b

  • SHA1

    432248b967d7e08ca9faf07cf98b0aaf7376600c

  • SHA256

    c0ef4d9b1690943def00ce4c7bb2838ff08cfe0d3ff85d39ca1e4ddc97593d01

  • SHA512

    f359245a9f28995b7e4476368b4217bd9a322e74e11a2ef0999231388dcabe038d7a75a46d04c35136a8312d22cd3894ed4408f5f8d13257dd62e01d9c997bbc

  • SSDEEP

    24576:OG3zz9sty+Fb+Dqyg///1HXIY0in4AGCe5tzT:Own2y+pmHg3/GtinfS

Score
4/10

Malware Config

Signatures

  • Resource Forking 1 TTPs 1 IoCs

    Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

Processes

  • /bin/sh
    sh -c "sudo /bin/zsh -c \"open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app\""
    1⤵
      PID:546
  • /bin/bash
    sh -c "sudo /bin/zsh -c \"open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app\""
    1⤵
      PID:546
  • /usr/bin/sudo
    sudo /bin/zsh -c "open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app"
    1⤵
      PID:546
    • /bin/zsh
      /bin/zsh -c "open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app"
      2⤵
        PID:547
    • /usr/bin/open
      open /Volumes/AudioSlicer-1.1.1/AudioSlicer.app
      2⤵
        PID:547
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.nehelper
    1⤵
      PID:548
  • /usr/libexec/nehelper
    /usr/libexec/nehelper
    1⤵
      PID:548
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.quicklook.satellite.88DC986C-A3E8-4BC9-86F6-B0EEFB1E33EB 551
    1⤵
      PID:553
  • /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
    /System/Library/Frameworks/QuickLook.framework/Versions/A/XPCServices/QuickLookSatellite.xpc/Contents/MacOS/QuickLookSatellite
    1⤵
      PID:553
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.bird
    1⤵
      PID:555
  • /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
    /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird
    1⤵
      PID:555
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.pbs
    1⤵
      PID:557
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.quicklook.ui.helper
    1⤵
      PID:558
  • /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
    /System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
    1⤵
      PID:558
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.TextEdit.2092
    1⤵
      PID:559
  • /System/Applications/TextEdit.app/Contents/MacOS/TextEdit
    /System/Applications/TextEdit.app/Contents/MacOS/TextEdit
    1⤵
      PID:559
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.metadata.mdwrite
    1⤵
      PID:560
  • /System/Library/CoreServices/pbs
    /System/Library/CoreServices/pbs
    1⤵
      PID:557
  • /usr/libexec/xpcproxy
    xpcproxy com.apple.audio.systemsoundserverd
    1⤵
      PID:570
  • /usr/sbin/systemsoundserverd
    /usr/sbin/systemsoundserverd
    1⤵
      PID:570

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /Library/Preferences/com.apple.networkextension.uuidcache.plist
    Filesize
    42B
    MD5
    ce7f5b3d4bfc7b4b0da6a06dccc515f2
    SHA1
    ce657a52a052a3aaf534ecfbf7cbdde4ee334c10
    SHA256
    9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1
    SHA512
    db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb

  • /Library/Preferences/com.apple.networkextension.uuidcache.plist
    Filesize
    89B
    MD5
    4d3efd632ec536e165b91e26b8fbde8a
    SHA1
    833a9b9e93b418474bfacce83dbc6b3355ef6075
    SHA256
    05205992906b7e74d921ef7e1643c83c861abf69adabb15d3699620fd456a630
    SHA512
    d5493e235e660bb83300e367498f6695370f0552c627e35a202529069d65354a591b7c47c2567b2149dca9fc5084e3655216b2dd585b598d12af4d6f22aaf2fc