2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

Analysis

max time kernel
1431s
max time network
1632s
platform
macos-10.15_amd64
resource
macos-20240711.1-en
resource tags

arch:amd64arch:i386image:macos-20240711.1-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
28-09-2024 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eicar_com.zip
Size

184B
MD5

6ce6f415d8475545be5ba114f208b0ff
SHA1

d27265074c9eac2e2122ed69294dbc4d7cce9141
SHA256

2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad
SHA512

d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

Score

4^/10

evasion execution

Malware Config

Signatures

JavaScript 1 TTPs 1 IoCs

Adversaries may abuse various implementations of JavaScript for execution.

execution

JavaScript

T1059.007

ioc	Process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/tmp/hello.jar	Process not Found

Resource Forking 1 TTPs 1 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

ioc	Process
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper	Process not Found

EICAR Anti-Malware test file 1 IoCs

resource	yara_rule
behavioral1/files/0x000000030008ba0f-13.dat	eicar_test_file

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/eicar_com.zip\""
1⤵
PID:476

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/eicar_com.zip\""
1⤵
PID:476

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/eicar_com.zip
1⤵
PID:476
- /bin/zsh
  /bin/zsh -c /Users/run/eicar_com.zip
  2⤵
  PID:479
- /Users/run/eicar_com.zip
  /Users/run/eicar_com.zip
  2⤵
  PID:479

/usr/libexec/xpcproxy
xpcproxy com.apple.quicklook.ui.helper
1⤵
PID:513

/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
/System/Library/Frameworks/Quartz.framework/Frameworks/QuickLookUI.framework/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHelper
1⤵
PID:513

/usr/libexec/xpcproxy
xpcproxy com.apple.JarLauncher.2128
1⤵
PID:515

/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher
"/System/Library/CoreServices/Jar Launcher.app/Contents/MacOS/Jar Launcher"
1⤵
PID:515
- /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
  "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -jar /Users/run/tmp/hello.jar
  2⤵
  PID:517

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:516

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:519

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:519

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:520

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:520

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.232E0DAC-2A83-487A-9AEE-6595702F00EA 519
1⤵
PID:521

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:526

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.C38C204E-3510-4E7B-91BE-B4E9ABB02EC1 519
1⤵
PID:527

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:527

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 519
1⤵
PID:528

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SafeBrowsing.Service
1⤵
PID:534

/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
/System/Library/PrivateFrameworks/SafariSafeBrowsing.framework/com.apple.Safari.SafeBrowsing.Service
1⤵
PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.2E4C54B8-FF9E-468A-B540-B507E79402A3 519
1⤵
PID:535

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:535

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.33F02B8F-8AD7-47D2-84CA-281FF06B9784 519
1⤵
PID:536

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.4E37BFE1-D966-4D36-BD1A-F9E1FAD7E067 519
1⤵
PID:537

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:537

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:541

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:541

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.CE4CE7C4-E6A8-472A-9C24-672C2828AD57 519
1⤵
PID:542

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:542

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.E12E91EB-6146-4998-B06C-2B0164D416AE 519
1⤵
PID:545

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:545

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SandboxBroker 519
1⤵
PID:546

/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
/Applications/Safari.app/Contents/XPCServices/com.apple.Safari.SandboxBroker.xpc/Contents/MacOS/com.apple.Safari.SandboxBroker
1⤵
PID:546

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:547

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:547

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:548

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:548

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.90E1239E-CBBF-4B26-8110-1138155D1941 519
1⤵
PID:559

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:559

/usr/libexec/xpcproxy
xpcproxy com.apple.accessibility.mediaaccessibilityd
1⤵
PID:560

/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
/System/Library/Frameworks/MediaAccessibility.framework/Versions/A/XPCServices/com.apple.accessibility.mediaaccessibilityd.xpc/Contents/MacOS/com.apple.accessibility.mediaaccessibilityd
1⤵
PID:560

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 559
1⤵
PID:561

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:561

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.F3AC23E0-87B4-45F1-ADA0-65343249B909 519
1⤵
PID:562

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.0E201271-4921-48E8-BD15-4AE53D1AF287 519
1⤵
PID:563

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:562

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:563

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.AE2AFCE0-F278-4E61-BE67-DF8744A7D614 519
1⤵
PID:564

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.AudioComponentRegistrar
1⤵
PID:565

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
1⤵
PID:565

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 559
1⤵
PID:566

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.1DFF0AA6-16C1-468F-B6C9-DD88B74D04AA 519
1⤵
PID:567

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.FADC091F-6079-4316-8FD1-4C4DE89E0494 519
1⤵
PID:568

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.A118B62B-11BC-4D53-BBC3-5FADA7DDF9CE 519
1⤵
PID:569

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.C198E548-9493-43F9-8829-9AF4F0FB2D99 519
1⤵
PID:570

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.E9C82C09-E9A7-47C4-B5BE-D41284DE78AE 519
1⤵
PID:571

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 569
1⤵
PID:573

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:573

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 569
1⤵
PID:574

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:574

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.6AD2DAB9-B939-443E-93E1-6F20CDA5FFDD 519
1⤵
PID:575

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:575

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.CDC29E96-3583-4CB0-8C23-28E846CCCA6D 519
1⤵
PID:577

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:577

/usr/libexec/xpcproxy
xpcproxy com.apple.coremedia.videodecoder 570
1⤵
PID:578

/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
1⤵
PID:578

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.B6D3C747-FDB7-47F1-927C-000B81F4A63A 519
1⤵
PID:579

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:579

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.48CF39AD-91BC-4411-A5D8-711B3D2C7D15 519
1⤵
PID:580

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:580

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.01AD5FA6-BB46-4604-A1E6-000B7AE7D12B 519
1⤵
PID:581

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:581

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.20FC2E0B-2BAD-4396-AAC1-DF2D29D2D694 519
1⤵
PID:582

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:582

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.669944EE-F13A-4AE1-9491-A190D2D0B5B9 519
1⤵
PID:583

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:583

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.7576300C-E47C-4736-8664-7FDB7CDBFA14 519
1⤵
PID:584

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:584

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.B8348747-7717-4B86-BFFB-89A2AFD5C7E2 519
1⤵
PID:585

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:585

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.E4BE4612-F6E6-4409-BEF6-0FB29DB56838 519
1⤵
PID:586

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:586

/usr/libexec/xpcproxy
xpcproxy com.apple.audio.SandboxHelper 586
1⤵
PID:587

/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
/System/Library/Frameworks/AudioToolbox.framework/XPCServices/com.apple.audio.SandboxHelper.xpc/Contents/MacOS/com.apple.audio.SandboxHelper
1⤵
PID:587

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.DC952B00-053F-47AD-9B22-D8F9C06B10A1 519
1⤵
PID:588

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:588

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:592

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:592

/usr/libexec/xpcproxy
xpcproxy com.apple.DiagnosticReportCleanup.plist
1⤵
PID:594

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Downloads/eicar.com

Filesize
68B

MD5
44d88612fea8a8f36de82e1278abb02f

SHA1
3395856ce81f2b7382dee72602f798b642f14140

SHA256
275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

SHA512
cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/245DEFBA7FC14CA6B3E01868749E9BB4

Filesize
5KB

MD5
e25c665e8520f7a790a7ba053cb9fe05

SHA1
8958da364401a90f75334d4ae4bc77cca1ebc17f

SHA256
6f2b1b2d0dfcfacebd8c9914304b7bb0b6edb55558ce72e295523c594a0b1a88

SHA512
4afb9cf237f5d37f3ee4138ec343d2fcc69a31d2715f890d1d4402b39147ae6d47ea3253339b991eb4ab7902afbaa152f4a393e0341c7a714c2d9be96e5560ed

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/2529545429CE075A4E64DE7DAA3D4C27

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/76E038D860D4C79B6E48C6C141C4FD55

Filesize
5KB

MD5
014e80e16228a0d0bb8a1b0e9ecf41cf

SHA1
4c71e461542bc57fe215dacfd218b842d9d19c60

SHA256
1f2f54d83235b2f224a0f5270316c8ccb0df3c396618641693815e50418e5b46

SHA512
5bf90ad44ffc5892e253abf3cec2855ac383f71827ad2c7c3fb7ee5580d5e01da6d6a73b0a1e4a5bf37cbaad3c8536a495d4e0dda713c5a6321fe044eea78f09

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/82C106FB1FC3537EF596E92776C1C705

Filesize
14KB

MD5
a4cd8ddcf76fdaef942108d0db3bd0e3

SHA1
9b3120cd86287ad3d69533969b22440ae3ef958c

SHA256
c48a282f94521ccd0e3c7b9fe0432f4b1ccaf1418e297893024fe3c5c38a405a

SHA512
98f4e771a90230ae6e10c175ff848478fa4860f110307c331e19d2ed474b534940350b68ab7ce53d6e4ee649301c87080adcb82ae4f9ce4f881499920f9c42d0

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/8CAEAA2EE3F5BA1CA55EEE3FFE2A6287

Filesize
5KB

MD5
8696071fa2661efd847f70577c721057

SHA1
267f01d420905f8a17c0f0b5f16f1f969809e445

SHA256
ba91878eb4bf1a2775c619e19ff30ae530a63f85ec7ae9ed88388380f0209c20

SHA512
d5ef80be9cd9ffe10f7040c763333c5d270933ce94f6f0f604ba09b49fd21e826bd75d09bb5fb8e41b599e9d352d8af2951aa2c69793111d9bf7a1633fd90cd4

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/9D84DA0D2B29BBD821A0FDFB00A81477

Filesize
5KB

MD5
a411b6dded2bc84285d54a7e921c4e2f

SHA1
bc0b7f9f4c44fbc3545ec53c79cfe066c6e21b69

SHA256
a9dcca47be3b77872c824e08a8f1373252fdbb3e53599c361af10468185cce46

SHA512
8a54a6fcbc520636041fdee5f4f796aa9b3a262c2b8bae5f2dea5d9623259d275cd4543f6001ddd69c460f1df2ad3a0462b9b1855a6e7beae54102ce6609fdac

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/A88351DD9A28FB163BF17057581B7EC3

Filesize
5KB

MD5
e1bd0d273996707e4dae9cbe16dcf257

SHA1
5e8addb7df6505e5255d7af9999024f7ad8e84ad

SHA256
b3b6fe9e63263ba6f7743038448d8d1d3bb850cd8bcfd7f00b2569f417c21465

SHA512
3f3209266174a9eeb5e4dd059d486a0ee3dbad4f4e3cb79e14050dd50e4689098ac12f213ac100d2524046e507f16632c11862ebcd46c75184c87764b34df19d

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/E00E81D723D187B3878FF480A6F71AAC

Filesize
5KB

MD5
5b335fed80b5ce3248e94a3556ff9cfd

SHA1
e674f478a43e473ccc84bb32efe24f47bfb8d681

SHA256
7b60fc39fffb858cc8f3b49efc39fc98074da3cda201fafae2ab25c265cfc880

SHA512
6662a34106ff2f3172932892ad53d16f500ea641422b79699968b1d39a69a2d85b3a8438a280b0692a03235d1e5514f4240f9bdbad11a0a480950dc727ab31b2

Download Submit
/Users/run/Library/Safari/Favicon Cache/favicons/E3A9BCA3941649D499BFB1F5EFF0955D

Filesize
5KB

MD5
5b1c2f5f2353cbdbb63a7462ee16bf7d

SHA1
45d81171a38e4cc69bd230b3b9a58d63dc7cd895

SHA256
aca7afaada89afc42f8ddff793cdbfd0b111375b717629b9c6289788d2c7527a

SHA512
deba46339a267735d5773711d33c1cb0e452a8b163adc2ee18c51bb417e53ef3e8390768fc164dad05434a9b216680eb96c10c53805a73ba54ef8185da8d5d35

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/malware,osx,url_expression

Filesize
245KB

MD5
b5dcaf37b6c615ee032fdaa798ed1a5f

SHA1
81722a17213ca76c6b05ddedecb74aa39c63ac3e

SHA256
7ddcf0362d96c6b173e0610e5a4aec386aed10b3f1a43f16905d8467705ebbf9

SHA512
196d1b2d0d07646a58c9646b9b4263356ac7d8df4db5801f39b2c8c05c3aa7b4c4ee73048530467d0981bff63fe416acb78968a2a2e035375c282c9cfa9a564f

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/social_engineering,osx,url_expression

Filesize
16.8MB

MD5
6cea5c1348df601ec572af788fe49df1

SHA1
9494e4ffd445f1c6b13756038f0c98dfc890661c

SHA256
880b4b24854d6b82c3102b0150704f0ecc23ae48af546b6b83ab4fca0046d4e2

SHA512
b143caa6b7eff23753850d9bc7040a13c5622e0db6e86fe6974cea5d42253f0e886835db31bf743f70dd0486e48625ded859351176eb1823a04bc8bfa4f1a6b0

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari.SafeBrowsing/Google/unwanted_software,osx,url_expression

Filesize
122KB

MD5
f132374d3d3929c5aabc29ffb4c58e20

SHA1
274d63f7bbce4d2614e8226d5103acd8c2d5332d

SHA256
751914beac1c12941c1713f87021df56e5d370cb7bf23f95c0ab4cc3d3ef3f7c

SHA512
06d0a09ba348afade83773814be7e82df365721f9795ddf964b8fdd797b2300f32ef043fd8354398efaf1c596984778c05f449ae179fc587cfe53e095f37efc9

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit