06acbac66e5b92532134fd65395f9211ed0cd063eb81257812b10b66c508ed68

Resubmissions

05/08/2024, 13:12

240805-qfnmvsxamk 1

05/08/2024, 13:10

240805-qekvks1aqb 1

05/08/2024, 13:09

240805-qdyeaa1anf 1

Analysis

max time kernel
32s
max time network
35s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
05/08/2024, 13:09

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

2628285.jpg
Size

426KB
MD5

05527da3d1a36bee4914d4c57c2854f1
SHA1

8f69de0708f6d0636f0e598252e928dd43385d39
SHA256

06acbac66e5b92532134fd65395f9211ed0cd063eb81257812b10b66c508ed68
SHA512

ad280c125ecc11050cd691854eb3091fb9998dbde3894744437dee6fdbecd858151e18bff6baf58a9169e589d9a7eea47e358fceb0a6fdca2f36d77ea33671b4
SSDEEP

12288:Y0CTCi5q9SnJX1TSzkRiedgoToWfsjXPFOxG2:YPeiAAntlS8KqFfsjPFOxh

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/2628285.jpg\""
1⤵
PID:488

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/2628285.jpg\""
1⤵
PID:488

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/2628285.jpg
1⤵
PID:488
- /bin/zsh
  /bin/zsh -c /Users/run/2628285.jpg
  2⤵
  PID:489
- /Users/run/2628285.jpg
  /Users/run/2628285.jpg
  2⤵
  PID:489

/System/Applications/TV.app/Contents/MacOS/TV
/System/Applications/TV.app/Contents/MacOS/TV
1⤵
PID:510

/usr/libexec/xpcproxy
xpcproxy com.apple.accessibility.mediaaccessibilityd
1⤵
PID:516

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
1⤵
PID:516

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.648492E8-C6BE-4A79-AB7B-D182B9A42C1B 510
1⤵
PID:521

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:523

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:523

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.FFD48AFA-C6AE-44A0-91AD-DFBB23FECC4B 510
1⤵
PID:526

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.PackageKit.InstallStatus
1⤵
PID:529

/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress
"/System/Library/CoreServices/Install in Progress.app/Contents/MacOS/Install in Progress"
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.warmd_agent
1⤵
PID:530

/usr/libexec/warmd_agent
/usr/libexec/warmd_agent
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.ViewBridgeAuxiliary
1⤵
PID:531

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 125
1⤵
PID:532

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:532

/usr/libexec/xpcproxy
xpcproxy com.apple.sessionlogoutd
1⤵
PID:533

/System/Library/CoreServices/sessionlogoutd
/System/Library/CoreServices/sessionlogoutd
1⤵
PID:533

/sbin/shutdown
/sbin/shutdown -h now
1⤵
PID:0
- /bin/sh
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:536
- /bin/bash
  sh -c "/usr/bin/wall -n"
  2⤵
  PID:536
- /usr/bin/wall
  /usr/bin/wall -n
  2⤵
  PID:536
- /System/Library/Extensions/IOGraphicsFamily.kext/iogdiagnose
  iogdiagnose -b /var/log/displaypolicy/iogdiagnose-last.bin
  2⤵
  PID:0
- - /usr/sbin/spindump
    spindump -shutdownstall 2 -timelimit 5
    3⤵
    PID:538
- - /bin/sh
    sh -c /usr/sbin/kextstat
    3⤵
    PID:539
- - /bin/bash
    sh -c /usr/sbin/kextstat
    3⤵
    PID:539
- - /usr/sbin/kextstat
    /usr/sbin/kextstat
    3⤵
    PID:539
- - /bin/bash
    bash /private/var/install/shutdown_installer_tasks
    3⤵
    PID:540
- - /bin/bash
    bash /private/var/install/deferred_install
    3⤵
    PID:541

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Movies/TV/TV Library.tvlibrary/Application.tvdb

Filesize
250B

MD5
91a7492de6eca265148d631dbbb3d2ea

SHA1
dbd8116a526c352aefdb2e28ca97844292995664

SHA256
d4985bd31bf26c9a980f50af38132055731bad951a181aafa38811bebb184609

SHA512
7cc9e127f8f564fc8129fef7ef563e0780dddc14f6d5d958d4b344915756ab49acbaa094a90ec6f69a5a60dbe49ac929fb3907880e17e6c81130c3c9c542d4ff

Download Submit
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.WebKit.WebContent.Sandbox/CompiledSandbox+_1YYzncKIoXjhjWCwKl267SpBYLvsZewldQMq9uV4SU

Filesize
48KB

MD5
220cf5e933e977986eb1004743b55d27

SHA1
b54cc29602d39247c7595cab725f678ec6de79cc

SHA256
3dca99f87ab1858ed50e3b63aac64b90347492c50a53b3d4835a4609b1600f7c

SHA512
379453af4dbc7f6b2082d04ba1c217f64448bf9ceaf602a4784f69a2e97641e39e28d2b6e21e47b0ee9af39fc918eeaad2aebab59ae2eb9456fb172e85d28bfe

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
215KB

MD5
900c325d7cd30376605f6cd008bcde65

SHA1
7fb48a05211edf9be2d52d8de0f908c6e870e3ac

SHA256
83d7b76661b52d7f35bd673168882f3e8da8f9305275e78b21b13b9c7e8bc295

SHA512
afe16002523c272a69e483d8945f6ed0ac492ea45ae423461bd846d72fde4a4ddf04f593b81292fca4f2469a90b47399229b03b054426b88781bf3249dc3bd47

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
21.8MB

MD5
7c29ed2afbdd69b343b4121ead3ddfb1

SHA1
27b7e4d1e3209a057bf63ee8f55fb78289bd1962

SHA256
952da23d703d7ae7d819b919daab7793ae22e293786556152df3aa02f7851616

SHA512
bcf4a29644dac7ac47f4ef15e35c8eb65059c44afb0e4c955adb811c93fda321b58b45e1da58574a1ffb423feebb3c0b339ad21d1a484728fe0a6fd556e325c7

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
127KB

MD5
203ab6ab214a2f40f08c9720bfc6c918

SHA1
54f602c9395cadcc416be71dc6a9a03ffd55db44

SHA256
b2daaae78a4f23237d1402869ab6d848ab0bc4aa0fba02dcf69d45bf03f450ac

SHA512
0290e5374cc9e377b7d8b98dc0ec04e7463869e5f93df9e3c4ab4b52a88ee00a4e0ce0e5e49691a6af25d6e1358f21be2f16cbb01ba00f88b99e74b8ce11f03a

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//spindump.txt

Filesize
160KB

MD5
daffd563b06b96791fe9048e28a33329

SHA1
48ffab956a3affcb5f8b62527d6be8140c965613

SHA256
305f45c478d7ae7e9f09a8cd037cb3b5762bd2811fe9d56c28e4fad78d74530a

SHA512
162b614de792cdf0a8ca5e4a7f90a2650b30011487524faae68055a74dc303726e35f421b8668a8ef6fe9a4573a33b0eba08a85b5bd939f263f33c368e4da223

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads