283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

Resubmissions

09-11-2024 05:47

241109-ghd2rsyjdt 1

09-11-2024 05:47

09-11-2024 05:46

09-11-2024 05:45

09-11-2024 05:44

09-11-2024 05:39

Analysis

max time kernel
52s
max time network
53s
platform
macos-10.15_amd64
resource
macos-20241101-en
resource tags

arch:amd64arch:i386image:macos-20241101-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
09-11-2024 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WannaCrypt0r (1).zip
Size

3.3MB
MD5

e58fdd8b0ce47bcb8ffd89f4499d186d
SHA1

b7e2334ac6e1ad75e3744661bb590a2d1da98b03
SHA256

283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
SHA512

95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
SSDEEP

49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW

Score

4^/10

evasion

Malware Config

Signatures

Resource Forking 1 TTPs 3 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	process
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/WannaCrypt0r (1).zip\""
1⤵
PID:473

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/WannaCrypt0r (1).zip\""
1⤵
PID:473

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/WannaCrypt0r (1).zip"
1⤵
PID:473
- /bin/zsh
  /bin/zsh -c "/Users/run/WannaCrypt0r (1).zip"
  2⤵
  PID:474

/usr/libexec/xpcproxy
xpcproxy com.apple.sysmond
1⤵
PID:484

/usr/libexec/sysmond
/usr/libexec/sysmond
1⤵
PID:484

/usr/libexec/xpcproxy
xpcproxy com.apple.iCal.CalendarNC 314
1⤵
PID:501

/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
/System/Applications/Calendar.app/Contents/PlugIns/com.apple.iCal.CalendarNC.appex/Contents/MacOS/com.apple.iCal.CalendarNC
1⤵
PID:501

/usr/libexec/xpcproxy
xpcproxy com.apple.ncplugin.stocks 314
1⤵
PID:502

/usr/libexec/xpcproxy
xpcproxy com.apple.ncplugin.weather 314
1⤵
PID:503

/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
/System/Library/CoreServices/StocksWidget.app/Contents/PlugIns/com.apple.ncplugin.stocks.appex/Contents/MacOS/com.apple.ncplugin.stocks
1⤵
PID:502

/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
/System/Library/CoreServices/Weather.app/Contents/PlugIns/com.apple.ncplugin.weather.appex/Contents/MacOS/com.apple.ncplugin.weather
1⤵
PID:503

/usr/libexec/xpcproxy
xpcproxy com.google.Chrome.3056
1⤵
PID:511

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
1⤵
PID:511

/usr/libexec/xpcproxy
xpcproxy com.apple.GameController.gamecontrollerd
1⤵
PID:513

/usr/libexec/gamecontrollerd
/usr/libexec/gamecontrollerd
1⤵
PID:513

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler" "--monitor-self-annotation=ptype=crashpad-handler" "--database=/Users/run/Library/Application Support/Google/Chrome/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=channel=" "--annotation=plat=OS X" "--annotation=prod=Chrome_Mac" "--annotation=ver=101.0.4951.54" "--handshake-fd=5"
1⤵
PID:515

/usr/bin/profiles
/usr/bin/profiles status -type enrollment
1⤵
PID:516

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz"
1⤵
PID:517

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize" com.google.Chrome
1⤵
PID:518

/usr/bin/tar
/usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist
1⤵
PID:519

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded
1⤵
PID:521

/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake-all --system
1⤵
PID:522

/Users/run/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
"/Users/run/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake-all
1⤵
PID:524

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)" "--type=gpu-process" "--gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA=" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=19"
1⤵
PID:523

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=network.mojom.NetworkService" "--lang=en-GB" "--service-sandbox-type=network" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=19"
1⤵
PID:525

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=storage.mojom.StorageService" "--lang=en-GB" "--service-sandbox-type=utility" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=19"
1⤵
PID:526

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
"/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)" "--type=utility" "--utility-sub-type=mac_notifications.mojom.MacNotificationProvider" "--lang=en-GB" "--service-sandbox-type=none" --message-loop-type-ui --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072"
1⤵
PID:527

/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
"/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=4"
1⤵
PID:0
- /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
  "/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --wake --system
  2⤵
  PID:530
- /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
  "/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=4"
  2⤵
  PID:0
- - /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/Helpers/launcher
    "/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/Helpers/launcher" --internal
    3⤵
    PID:533
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=7" "--launch-time-ticks=335013526" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=56"
    3⤵
    PID:534
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=6" "--launch-time-ticks=335074230" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=56"
    3⤵
    PID:535
- - /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
    /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
    3⤵
    PID:536
- - /usr/libexec/xpcproxy
    xpcproxy com.apple.SafariLaunchAgent
    3⤵
    PID:537
- - /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
    /Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
    3⤵
    PID:537
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=8" "--launch-time-ticks=338345226" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=70"
    3⤵
    PID:538
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=12" "--launch-time-ticks=338533309" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=73"
    3⤵
    PID:539
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=10" "--launch-time-ticks=338742972" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=73"
    3⤵
    PID:540
- - /Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
    "/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"
    3⤵
    PID:541
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --extension-process --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=11" "--launch-time-ticks=339374208" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=75"
    3⤵
    PID:542
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=90"
    3⤵
    PID:543
- - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
    "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)" "--type=renderer" --display-capture-permissions-policy-allowed "--lang=en-GB" "--num-raster-threads=1" --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources "--renderer-client-id=14" "--launch-time-ticks=344798929" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=75"
    3⤵
    PID:544
- - /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
    GoogleUpdater --server "--service=update-internal" --system
    3⤵
    PID:0
  - - /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
      "/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=5"
      4⤵
      PID:1.8446744073709552e+19
  - - /Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
      "/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher"
      4⤵
      PID:548
  - - /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
      GoogleUpdater --server "--service=update" --system
      4⤵
      PID:1.8446744073709552e+19
  - - /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
      "/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=5"
      4⤵
      PID:1.8446744073709552e+19
  - - /usr/bin/profiles
      /usr/bin/profiles status -type enrollment
      4⤵
      PID:554
  - - /usr/libexec/xpcproxy
      xpcproxy com.apple.spindump
      4⤵
      PID:555
  - - /usr/sbin/spindump
      /usr/sbin/spindump
      4⤵
      PID:555
  - - /usr/libexec/xpcproxy
      xpcproxy com.apple.tailspind
      4⤵
      PID:556
  - - /usr/libexec/tailspind
      /usr/libexec/tailspind
      4⤵
      PID:556
  - - /usr/libexec/xpcproxy
      xpcproxy com.apple.spindump_agent
      4⤵
      PID:557
  - - /usr/libexec/spindump_agent
      /usr/libexec/spindump_agent
      4⤵
      PID:557
  - - /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
      /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
      4⤵
      PID:558
  - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
      "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=71"
      4⤵
      PID:559
  - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
      "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=71"
      4⤵
      PID:560
  - - /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
      "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper" "--type=utility" "--utility-sub-type=data_decoder.mojom.DataDecoderService" "--lang=en-GB" "--service-sandbox-type=service" --shared-files "--field-trial-handle=1718379636,r,18380149138584434129,7569589362172185629,131072" "--seatbelt-client=71"
      4⤵
      PID:561
  - - /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
      GoogleUpdater --server "--service=update" --system
      4⤵
      PID:1.8446744073709552e+19
  - - /Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
      "/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater" --crash-handler --system "--database=/Library/Application Support/Google/GoogleUpdater/128.0.6597.0/Crashpad" "--url=https://clients2.google.com/cr/report" "--annotation=prod=Update4" "--annotation=ver=128.0.6597.0" "--handshake-fd=5"
      4⤵
      PID:1.8446744073709552e+19
  - - /usr/sbin/system_profiler
      /usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml
      4⤵
      PID:566

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Resource Forking

T1564.009

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Users/run/Library/Application Support/Google/Chrome/Crashpad/settings.dat

Filesize
40B

MD5
fcb4024c6dc53a5b72c492fd960762d7

SHA1
82c43024d9e274bf2b8a5d1e505d65cf3873fb92

SHA256
5cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6

SHA512
5373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/Local Storage/leveldb/000003.ldb

Filesize
339B

MD5
61a867b6e4a24cfcfd32ddef25ac3229

SHA1
87cc4516fbce1700174d8ea27c9d2cb70a60a1fd

SHA256
9cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5

SHA512
3678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

Filesize
569B

MD5
b5db1f091948de93d7fc96e14aef6da3

SHA1
74745f991e3dfe45037366e55c2e6df47d8e6593

SHA256
b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e

SHA512
d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

Filesize
269B

MD5
6487e04972ecffd0aabf7b61bdda8119

SHA1
26f0b11a2529a35f6970a914deadfcf2e2d23286

SHA256
241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172

SHA512
44db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

Filesize
2KB

MD5
e0f65ad85a40a32fa91e551005e193ce

SHA1
a145766d5df23ae5fcd23dbb6937606f280f3502

SHA256
18b5270537241fdd8a8de2f4435bb9a19acc82d565bf629678c07360e0fa89d8

SHA512
bfcf2075ba3d99c6bf4840d6c7754668ac65e7b88aced5c727f99de68940783424b6e9755b4d90c28f489f87d88eda0f2b5194c292c7bcd0cebcb6a66adb2425

Download Submit
/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

Filesize
288B

MD5
b47a44bdd1b765b6af56b347447fd1b7

SHA1
8599a1870656af91e432bb35e3497863e34ddfbb

SHA256
79b1150f1008ed3fbde59417e9727bce33a34ee2ac5b407eec1a82beabdd2c06

SHA512
bfa1d967125878a40068e4d5ec4a4bed4f211373ef2ca839a51cb9a29d2da5afcc65755134af2ae732dc03391a636fbb222b4ae481315e4213ceb8d74797c9f0

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
81bbb3c44a11b01df6823e8903e32469

SHA1
2780160622c2e15cdca1869d4d55502dbfdc7d0b

SHA256
f28741251af10e4e37bcafa56d12bf48e243d23d6d878c0e2f4388a2b6e688fc

SHA512
96c9483be4d5bbb0d7c0566d99d70d33b4492cd6f98c02b510416371319cf90cf5f1c5f39513a7ad78f5e0a2466e68351aa67dd6f44f7b5a6420a6619903a1cf

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
14103b2329ccdf76c8abf864ff66db71

SHA1
00ee952481ea1e6d8b4f99eca9522d1bc4505fa7

SHA256
f2756e78fdf7556a5b746dc1477c89168111c482739732f54f846a13e2ef492e

SHA512
9ae8854935a6bf2da2a1f14be0ac40733ef32174066b3b57dd2674fcc709903be1ae23b8f5d961b5929ea94f961fce605cbc8e457b4ba655583e07f12b11bddd

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
112KB

MD5
13f5c92f6d49098d82f4ef0edd01d159

SHA1
90b830f8916085a45e755410250fcd79e9459ed5

SHA256
1c6f1b6874c45651a603a28c2b86391083be8448ea30b890e2a40532dbb98440

SHA512
dddfabb664435c979cb223db2818d497bcd8f5eae6f1e8ea39f2fd02ead81bed9c20f4a7b87ba95f909739a5f4350e6f79c5173bd06009dbe09d13c2cef28338

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
20ce2857d13b8a359e30951b30c95dd0

SHA1
4084479d89e5f1a9d20d66213d4fd638beb6287b

SHA256
e4a930501b97d7ee0358fab21caecc58410f75189c54b306fdb49a797532c181

SHA512
b08a17c6b6819c1a2f7607a674e5b9d6c3f02259b1524de2f07dea8f5562afdf9891f987641ea6b161b604a1134af09d175512699d79148b12cca6c40499957d

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
114KB

MD5
b66b698f96e0ffc4b14b2aafd9e3524c

SHA1
c319c8bf730f8decb4dae779b68341a62f6e412e

SHA256
c0f13d01f38aab74d443dca014817e3227cfbc7479ae7cd29d6176c27069148d

SHA512
65e4e47fe71a6ae0c98e988db399baac8736355f33d52bb597b5ea93dc321be24bda2d4a31f12b5b621065a8084fa3274bf4954854a2cdbb1640b152aad631f2

Download Submit
/Users/run/Library/Keychains/login.keychain-db

Filesize
112KB

MD5
16db68b5708806ef249865233eafbc39

SHA1
bb6598894b5cf6a7bdd00b7e741f640e24b4fa67

SHA256
59019d3853cf58d240725bdcc5d1d4d9bfd2cfdcd0e40ae587d04b66248b4896

SHA512
6b0870ea9a0a8273699839c4561a08477ab0a4a5863732f0a88868d7ef6cd7146a4215e8df314bc4238e43f4a5fb2ab495c885b412b8fa9068ce2ba780f1a7eb

Download Submit
/tmp/com.google.Keystone/.keystone_install_lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit