Analysis
max time kernel: 102s
max time network: 125s
platform: macos-10.15_amd64
resource: macos-20240711.1-en
resource tags: arch:amd64, arch:i386, image:macos-20240711.1-en, kernel:19b77a, locale:en-us, os:macos-10.15-amd64, system
submitted: 27-07-2024 11:03
Static task: static1
Behavioral task: behavioral1
Sample: AutoClicker.exe
Resource: macos-20240711.1-en
General
Target: AutoClicker.exe
Size: 854KB
MD5: c500a7318204cc39a9e4b544fbf4f4ff
SHA1: f35013967cb5ff638491edb409eee863c5f8ada0
SHA256: 45bd2a14ac56f7a71d9c8b358cc0769972b5477edd1744e1f2085961558040a8
SHA512: f57d2c6ad185bff1824ddfcdd1f8fea9da6a832c6ef421cbd8645b7ac78a9d5b4d0d321ebbf6559729d470c05ef579020bb2411fa361e9b0acf51e640e4e1580
SSDEEP: 12288:maWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlvh:haHMv6CGrjBnybQg+mmhJh
Malware Config
Signatures
- Resource Forking (1 TTP, 8 IoCs)
  Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.
  IoCs (process, result):
  - /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref (Process not Found)
  - /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool (Process not Found)
  - /System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane/Contents/XPCServices/com.apple.preference.desktopscreeneffect.desktop.remoteservice.xpc/Contents/MacOS/com.apple.preference.desktopscreeneffect.desktop.remoteservice (Process not Found)
  - /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer (Process not Found)
  - "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck (Process not Found)
  - /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool (Process not Found)
  - /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool (Process not Found)
  - /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck (Process not Found)
Processes (executable path: command line where it differs, PID; indented entries are child processes)
- /usr/libexec/xpcproxy: xpcproxy com.apple.gkreport (PID 483)
- /usr/libexec/xpcproxy: xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer (PID 484)
- /usr/libexec/xpcproxy: xpcproxy com.apple.systemstats.daily (PID 485)
- /usr/libexec/xpcproxy: xpcproxy com.oracle.java.Java-Updater (PID 486)
- /usr/libexec/xpcproxy: xpcproxy com.apple.newsyslog (PID 487)
- /usr/libexec/gkreport (PID 483)
- /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer (PID 484)
- /bin/sh: sh -c "sudo /bin/zsh -c \"/Users/run/AutoClicker.exe\"" (PID 488)
- /bin/bash: sh -c "sudo /bin/zsh -c \"/Users/run/AutoClicker.exe\"" (PID 488)
- /usr/bin/sudo: sudo /bin/zsh -c /Users/run/AutoClicker.exe (PID 488)
  - /bin/zsh: /bin/zsh -c /Users/run/AutoClicker.exe (PID 490)
  - /Users/run/AutoClicker.exe (PID 490)
- /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater: "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck (PID 486)
- /usr/sbin/newsyslog (PID 487)
- /usr/libexec/xpcproxy: xpcproxy com.apple.sysmond (PID 517)
- /usr/libexec/sysmond (PID 517)
- /usr/libexec/xpcproxy: xpcproxy com.apple.audio.AudioComponentRegistrar (PID 518)
- /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar: /System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon (PID 518)
- /usr/libexec/xpcproxy: xpcproxy com.apple.PerformanceAnalysis.animationperfd (PID 524)
- /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd (PID 524)
- /usr/libexec/xpcproxy: xpcproxy com.apple.systempreferences.2140 (PID 526)
- /System/Applications/System Preferences.app/Contents/MacOS/System Preferences (PID 526)
- /usr/libexec/xpcproxy: xpcproxy com.apple.AccountProfileRemoteViewService 526 (PID 527)
- /System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService (PID 527)
- /System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool (PID 529)
- /System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool (PID 530)
- /System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck (PID 531)
- /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref (PID 532)
- /System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool (PID 533)
- /usr/libexec/xpcproxy: xpcproxy com.apple.nfcd (PID 535)
- /usr/libexec/nfcd (PID 535)
- /usr/libexec/xpcproxy: xpcproxy com.apple.studentd (PID 536)
- /usr/libexec/studentd (PID 536)
- /usr/libexec/xpcproxy: xpcproxy com.apple.spindump (PID 538)
- /usr/sbin/spindump (PID 538)
- /usr/libexec/xpcproxy: xpcproxy com.apple.tailspind (PID 539)
- /usr/libexec/tailspind (PID 539)
- /usr/libexec/xpcproxy: xpcproxy com.apple.spindump_agent (PID 540)
- /usr/libexec/spindump_agent (PID 540)
- /bin/launchctl: /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon (PID 541)
- /bin/launchctl: /bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon (PID 542)
- /usr/libexec/xpcproxy: xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E (PID 548)
- /System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService (PID 548)
- /usr/libexec/xpcproxy: xpcproxy com.apple.preference.desktopscreeneffect.desktop.remoteservice 526 (PID 549)
- /System/Library/PreferencePanes/DesktopScreenEffectsPref.prefPane/Contents/Resources/DesktopPictures.prefPane/Contents/XPCServices/com.apple.preference.desktopscreeneffect.desktop.remoteservice.xpc/Contents/MacOS/com.apple.preference.desktopscreeneffect.desktop.remoteservice (PID 549)
- /usr/libexec/xpcproxy: xpcproxy com.apple.coremedia.videodecoder 549 (PID 550)
- /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService (PID 550)
- /usr/libexec/xpcproxy: xpcproxy com.apple.metadata.mdwrite (PID 552)
- /usr/libexec/xpcproxy: xpcproxy com.apple.ReportCrash.Root (PID 553)
- /usr/libexec/xpcproxy: xpcproxy com.apple.coremedia.videodecoder 278 (PID 554)
- /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService (PID 554)
- /System/Library/CoreServices/ReportCrash: /System/Library/CoreServices/ReportCrash daemon (PID 553)
- /usr/libexec/xpcproxy: xpcproxy com.apple.ReportMemoryException (PID 555)
- /usr/libexec/ReportMemoryException (PID 555)
- /bin/sh: sh -c /usr/sbin/kextstat (PID 558)
- /bin/bash: sh -c /usr/sbin/kextstat (PID 558)
- /usr/sbin/kextstat (PID 558)
Network
MITRE ATT&CK Enterprise v15
Downloads