Malware Analysis Report

2025-08-10 23:22

Sample ID 241117-kjk39avnh1
Target MHAudioConverter.dmg
SHA256 f6e892385fafec46b72709116d3bfc87e802c2e7c8f05908b3c6acfc9eec09ab
Tags execution, evasion
Score 4/10

Analysis Overview

score
4/10

SHA256

f6e892385fafec46b72709116d3bfc87e802c2e7c8f05908b3c6acfc9eec09ab

Threat Level: Likely benign

The file MHAudioConverter.dmg was found to be: Likely benign.

Malicious Activity Summary

execution evasion

Resource Forking

Command and Scripting Interpreter: JavaScript

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-17 08:38

Signatures

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

140s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\GaussianBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\GaussianBlur.js"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241101-en

Max time kernel

78s

Max time network

158s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241106-en

Max time kernel

77s

Max time network

104s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241101-en

Max time kernel

77s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral28

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win7-20240903-en

Max time kernel

117s

Max time network

120s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RadialBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RadialBlur.js"

Network

N/A

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241106-en

Max time kernel

81s

Max time network

110s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win7-20240729-en

Max time kernel

117s

Max time network

119s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\DirectionalBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\DirectionalBlur.js"

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win7-20241010-en

Max time kernel

10s

Max time network

19s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RectangularGlow.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RectangularGlow.js"

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241106-en

Max time kernel

85s

Max time network

105s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto
GB 17.253.77.201:80 mesu.apple.com tcp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241101-en

Max time kernel

84s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib]

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241106-en

Max time kernel

84s

Max time network

142s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241106-en

Max time kernel

82s

Max time network

142s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
GB 17.57.146.152:5223 tcp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241101-en

Max time kernel

81s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241106-en

Max time kernel

77s

Max time network

103s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

140s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\DirectionalBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\DirectionalBlur.js"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

156s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\FastBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\FastBlur.js"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241106-en

Max time kernel

149s

Max time network

161s

Command Line

[sh -c sudo /bin/zsh -c "open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd N/A N/A
N/A /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper N/A N/A
N/A /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper N/A N/A
N/A /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd N/A N/A
N/A /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app"]

/bin/bash

[sh -c sudo /bin/zsh -c "open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app"]

/usr/bin/sudo

[sudo /bin/zsh -c open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app]

/bin/zsh

[/bin/zsh -c open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app]

/usr/bin/open

[open /Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app]

/usr/libexec/xpcproxy

[xpcproxy com.mediahuman.Audio Converter.2332]

/Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter

[/Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]

/usr/libexec/xpcproxy

[xpcproxy com.apple.DesktopServicesHelper.92C79705-7B99-4369-9CCA-4D1D9D04F57C]

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.replayd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.installd]

/usr/libexec/replayd

[/usr/libexec/replayd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.storedownloadd]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.system_installd]

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd

[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd]

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd

[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.PerformanceAnalysis.animationperfd]

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd

[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.CacheDeleteExtension 511]

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension

[/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension]

/usr/libexec/xpcproxy

[xpcproxy com.apple.DesktopServicesHelper.7B926CB5-BB6B-404D-884C-95713D5C3B2E]

/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper

[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.CacheDeleteExtension 511]

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension

[/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension]

Network

Country Destination Domain Proto
US 8.8.8.8:53 b._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 db._dns-sd._udp.0.0.127.10.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241101-en

Max time kernel

82s

Max time network

155s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241106-en

Max time kernel

77s

Max time network

104s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241101-en

Max time kernel

83s

Max time network

156s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib]

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win10v2004-20241007-en

Max time kernel

90s

Max time network

160s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RectangularGlow.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RectangularGlow.js"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win7-20240903-en

Max time kernel

119s

Max time network

125s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\ZoomBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\ZoomBlur.js"

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241106-en

Max time kernel

83s

Max time network

110s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto
GB 17.253.77.201:80 mesu.apple.com tcp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241101-en

Max time kernel

78s

Max time network

106s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241106-en

Max time kernel

77s

Max time network

108s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241101-en

Max time kernel

78s

Max time network

107s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto
GB 17.253.77.201:80 mesu.apple.com tcp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241101-en

Max time kernel

78s

Max time network

105s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win7-20241023-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\GaussianBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\GaussianBlur.js"

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win10v2004-20241007-en

Max time kernel

91s

Max time network

139s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RadialBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RadialBlur.js"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

macos-20241101-en

Max time kernel

87s

Max time network

157s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.systemsoundserverd]

/usr/sbin/systemsoundserverd

[/usr/sbin/systemsoundserverd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:44

Platform

macos-20241106-en

Max time kernel

85s

Max time network

105s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib]

/bin/zsh

[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib]

/Users/run/MediaHuman

[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nsurlstoraged]

/usr/libexec/nsurlstoraged

[/usr/libexec/nsurlstoraged --privileged]

Network

Country Destination Domain Proto
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp

Files

/var/db/nsurlstoraged/dafsaData.bin

MD5 64f469698e53d0c828b7f90acd306082
SHA1 bcc041b3849e1b0b4104ffeb46002207eeac54f3
SHA256 d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd
SHA512 a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-17 08:37

Reported

2024-11-17 08:41

Platform

win7-20240903-en

Max time kernel

121s

Max time network

128s

Command Line

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\FastBlur.js"

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\FastBlur.js"

Network

N/A

Files

N/A