9ab258db43693b78593325ee6bdd1ff2632b7db42d31eb35ba5118d0e5729ed5

Analysis

max time kernel
101s
max time network
127s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
05/09/2024, 08:38 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Minecraft/Minecraft.app/Contents/runtime/jre-x64/1.8.0_74/bin/orbd
Size

101KB
MD5

313f9f590fd0af19664bbbc28466eab2
SHA1

6732bff373f13ba76913387d92fafac0d69a471c
SHA256

c6ce7c34bc687dde59530a9e15fb2e28f14f2d365331b651cc008d78e78e40a9
SHA512

8f01bf065708081c0244e7d919a1f6b27dd1b076aac4fc660af14b8dfa9395fd6ec534fb0cfd1698c638996c54cd294e9ae10d2253cb4fa575d301704f3a1de6
SSDEEP

1536:01SHDPGuWhkJ7g7/LRf7BD0fqwx9NL7wEVwJskAhTqBrS/gj3vdTKqlVK:01vuUE7I/LZ7Bnwxr7SwhGBrS/gj3Fr

Score

1^/10

Malware Config

Signatures

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Minecraft/Minecraft.app/Contents/runtime/jre-x64/1.8.0_74/bin/orbd\""
1⤵
PID:512

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Minecraft/Minecraft.app/Contents/runtime/jre-x64/1.8.0_74/bin/orbd\""
1⤵
PID:512

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Minecraft/Minecraft.app/Contents/runtime/jre-x64/1.8.0_74/bin/orbd
1⤵
PID:512
- /bin/zsh
  /bin/zsh -c /Users/run/Minecraft/Minecraft.app/Contents/runtime/jre-x64/1.8.0_74/bin/orbd
  2⤵
  PID:513
- /Users/run/Minecraft/Minecraft.app/Contents/runtime/jre-x64/1.8.0_74/bin/orbd
  /Users/run/Minecraft/Minecraft.app/Contents/runtime/jre-x64/1.8.0_74/bin/orbd
  2⤵
  PID:513

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:530

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:530

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon
1⤵
PID:535

/bin/launchctl
/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon
1⤵
PID:536

Network

DNS

local

Remote address:

8.8.8.8:53

Request

local

IN SOA

Response
DNS

cds.apple.com

Remote address:

8.8.8.8:53

Request

cds.apple.com

IN A

Response

cds.apple.com

IN CNAME

cds-cdn.v.aaplimg.com

cds-cdn.v.aaplimg.com

IN CNAME

cds.apple.com.akadns.net

cds.apple.com.akadns.net

IN CNAME

cds.apple.com.edgekey.net

cds.apple.com.edgekey.net

IN CNAME

e14768.dscb.akamaiedge.net

e14768.dscb.akamaiedge.net

IN A

104.103.245.125
GET

http://ocsp.apple.com/ocsp03-apsrsaca11g1/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFK2rIf4cXfO50li4D4I209Ic4w84BBRQArgTLBWD0UHDEYqLQjsBI0OpVgIQEYPz5D0GDx%2BPyz8PONYPuQ%3D%3D

Remote address:

17.253.77.201:80

Request

GET /ocsp03-apsrsaca11g1/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFK2rIf4cXfO50li4D4I209Ic4w84BBRQArgTLBWD0UHDEYqLQjsBI0OpVgIQEYPz5D0GDx%2BPyz8PONYPuQ%3D%3D HTTP/1.1
Host: ocsp.apple.com
Accept: */*
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: com.apple.trustd/2.0

Response

HTTP/1.1 200 OK

Server: Apple
Date: Thu, 05 Sep 2024 02:54:01 GMT
Content-Type: application/ocsp-response
Content-Length: 1476
Expires: Thu, 05 Sep 2024 10:54:01 GMT
ETag: "70934f47a2637ee46a8451ba82fbc389948d8cf0"
Last-Modified: Thu, 05 Sep 2024 02:54:01 GMT
Age: 20971
Via: http/1.1 uklon5-vp-vst-013.ts.apple.com (acdn/255.14450), http/1.1 uklon5-vp-vfe-017.ts.apple.com (acdn/255.14450), http/1.1 gbmnc1-edge-lx-010.ts.apple.com (acdn/255.14450), http/1.1 gbmnc1-edge-bx-001.ts.apple.com (acdn/255.14450)
X-Cache: hit-stale, miss, hit-fresh, hit-fresh
CDNUUID: 5fb93b6c-f864-4867-ac7c-9b29e6e28596-19614963973
Connection: keep-alive
DNS

help.apple.com

Remote address:

8.8.8.8:53

Request

help.apple.com

IN A

Response

help.apple.com

IN CNAME

help.origin-apple.com.akadns.net

help.origin-apple.com.akadns.net

IN CNAME

help-ar.apple.com.edgekey.net

help-ar.apple.com.edgekey.net

IN CNAME

e11408.d.akamaiedge.net

e11408.d.akamaiedge.net

IN A

23.46.73.181

17.250.81.69:443

tls, https

128 B
40 B
2
1
104.103.245.125:443

cds.apple.com

tls

18.5kB
164.7kB
209
195
17.253.77.201:80

http://ocsp.apple.com/ocsp03-apsrsaca11g1/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFK2rIf4cXfO50li4D4I209Ic4w84BBRQArgTLBWD0UHDEYqLQjsBI0OpVgIQEYPz5D0GDx%2BPyz8PONYPuQ%3D%3D

http

637 B
2.4kB
6
5

HTTP Request

GET http://ocsp.apple.com/ocsp03-apsrsaca11g1/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFK2rIf4cXfO50li4D4I209Ic4w84BBRQArgTLBWD0UHDEYqLQjsBI0OpVgIQEYPz5D0GDx%2BPyz8PONYPuQ%3D%3D

HTTP Response

200
23.46.73.181:443

help.apple.com

tls

29.5kB
110.9kB
163
136
23.46.73.181:443

help.apple.com

tls

1.6kB
2.5kB
11
10

8.8.8.8:53

local

dns

51 B
126 B
1
1

DNS Request

local
224.0.0.251:5353

520 B
3
8.8.8.8:53

cds.apple.com

dns

59 B
218 B
1
1

DNS Request

cds.apple.com

DNS Response

104.103.245.125
8.8.8.8:53

help.apple.com

dns

60 B
196 B
1
1

DNS Request

help.apple.com

DNS Response

23.46.73.181

Windows 7 deprecation

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.