Analysis Overview
SHA256
f6e892385fafec46b72709116d3bfc87e802c2e7c8f05908b3c6acfc9eec09ab
Threat Level: Likely benign
The file MHAudioConverter.dmg was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
Command and Scripting Interpreter: JavaScript
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-17 08:38
Signatures
Analysis: behavioral27
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
140s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\GaussianBlur.js"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241101-en
Max time kernel
78s
Max time network
158s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacjp2.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 12-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 18.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 48-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 3-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 46.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 20-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 35-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 41-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 8-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 37.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 47-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 37.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 15-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 45-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 40.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 9-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 39-courier.push.apple.com | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241106-en
Max time kernel
77s
Max time network
104s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtga.dylib]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241101-en
Max time kernel
77s
Max time network
155s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfmediaplayer.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 30-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 29.courier-push-apple.com.akadns.net | udp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 6.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 25.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 20-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 39-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 7-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 10-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 3-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 50.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 29.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 35-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 12-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 40.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 25.courier-push-apple.com.akadns.net | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral28
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win7-20240903-en
Max time kernel
117s
Max time network
120s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RadialBlur.js"
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241106-en
Max time kernel
81s
Max time network
110s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqtiff.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral22
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win7-20240729-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\DirectionalBlur.js"
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win7-20241010-en
Max time kernel
10s
Max time network
19s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RectangularGlow.js"
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241106-en
Max time kernel
85s
Max time network
105s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/audio/libqtaudio_coreaudio.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 17.253.77.201:80 | mesu.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241101-en
Max time kernel
84s
Max time network
156s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/iconengines/libqsvgicon.dylib]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 45-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 26-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 8-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 44-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 20.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 13-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 14.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 29-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 16-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 25-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 27.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 14.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 48-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 41.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 6-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 46.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 35-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 12-courier.push.apple.com | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241106-en
Max time kernel
84s
Max time network
142s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqgif.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241106-en
Max time kernel
82s
Max time network
142s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwbmp.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 13.courier-push-apple.com.akadns.net | udp |
| GB | 17.57.146.152:5223 | | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral18
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241101-en
Max time kernel
81s
Max time network
155s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqtmedia_audioengine.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 45-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 41.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 8-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 46-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 35.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 7-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 24.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 14-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 10.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 4.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 22.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 23-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 19-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 37-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 29.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 47-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 50.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 30-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 48.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 7.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 40-courier.push.apple.com | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241106-en
Max time kernel
77s
Max time network
103s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqwebp.dylib]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
140s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\DirectionalBlur.js"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win10v2004-20241007-en
Max time kernel
92s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\FastBlur.js"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241106-en
Max time kernel
149s
Max time network
161s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app"]
/bin/bash
[sh -c sudo /bin/zsh -c "open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app"]
/usr/bin/sudo
[sudo /bin/zsh -c open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app]
/bin/zsh
[/bin/zsh -c open /Volumes/MediaHuman\ Audio\ Converter/MediaHuman\ Audio\ Converter.app]
/usr/bin/open
[open /Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app]
/usr/libexec/xpcproxy
[xpcproxy com.mediahuman.Audio Converter.2332]
/Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter
[/Volumes/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]
/usr/libexec/xpcproxy
[xpcproxy com.apple.DesktopServicesHelper.92C79705-7B99-4369-9CCA-4D1D9D04F57C]
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.replayd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.installd]
/usr/libexec/replayd
[/usr/libexec/replayd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.storedownloadd]
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.system_installd]
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
[/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
[/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerformanceAnalysis.animationperfd]
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.CacheDeleteExtension 511]
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
[/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension]
/usr/libexec/xpcproxy
[xpcproxy com.apple.DesktopServicesHelper.7B926CB5-BB6B-404D-884C-95713D5C3B2E]
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper
[/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Resources/DesktopServicesHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Safari.CacheDeleteExtension 511]
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
[/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | b._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | db._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241101-en
Max time kernel
82s
Max time network
155s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqjpeg.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 39-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 0-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 36-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 15-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 30-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 2-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 42-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 46-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 37-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 12.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 33-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 28-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 6-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 42.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 49-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 4.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 50.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 48.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 25-courier.push.apple.com | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241106-en
Max time kernel
77s
Max time network
104s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqmacheif.dylib]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241101-en
Max time kernel
83s
Max time network
156s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/quick/libdeclarative_multimedia.dylib]
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win10v2004-20241007-en
Max time kernel
90s
Max time network
160s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RectangularGlow.js"
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win7-20240903-en
Max time kernel
119s
Max time network
125s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\ZoomBlur.js"
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241106-en
Max time kernel
83s
Max time network
110s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqico.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
| GB | 17.253.77.201:80 | mesu.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241101-en
Max time kernel
78s
Max time network
106s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqsvg.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241106-en
Max time kernel
77s
Max time network
108s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/platforms/libqcocoa.dylib]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241101-en
Max time kernel
78s
Max time network
107s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/imageformats/libqicns.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
| GB | 17.253.77.201:80 | mesu.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral20
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241101-en
Max time kernel
78s
Max time network
105s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win7-20241023-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\GaussianBlur.js"
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
139s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\RadialBlur.js"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
macos-20241101-en
Max time kernel
87s
Max time network
157s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/MacOS/MHAudioConverter]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
Analysis: behavioral16
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:44
Platform
macos-20241106-en
Max time kernel
85s
Max time network
105s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib]
/bin/zsh
[/bin/zsh -c /Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib]
/Users/run/MediaHuman
[/Users/run/MediaHuman Audio Converter/MediaHuman Audio Converter.app/Contents/PlugIns/mediaservice/libqavfcamera.dylib]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nsurlstoraged]
/usr/libexec/nsurlstoraged
[/usr/libexec/nsurlstoraged --privileged]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/db/nsurlstoraged/dafsaData.bin
| MD5 | 64f469698e53d0c828b7f90acd306082 |
| SHA1 | bcc041b3849e1b0b4104ffeb46002207eeac54f3 |
| SHA256 | d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd |
| SHA512 | a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f |
Analysis: behavioral24
Detonation Overview
Submitted
2024-11-17 08:37
Reported
2024-11-17 08:41
Platform
win7-20240903-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\MediaHuman Audio Converter\MediaHuman Audio Converter.app\Contents\Resources\qml\QtGraphicalEffects\FastBlur.js"