283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

General

Target

[email protected]
Size

3.4MB
MD5

84c82835a5d21bbcf75a61706d8ab549
SHA1

5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512

90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
SSDEEP

98304:QqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3x:QqPe1Cxcxk3ZAEUadzR8yc4gB

Score

4^/10

Malware Config

Signatures

File and Directory Discovery. 1 TTPs 1 IoCs

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

discovery

File and Directory Discovery

T1083

Processes:

ioc	Process
dirname "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/jcontrol"

JavaScript 1 TTPs 1 IoCs

Adversaries may abuse various implementations of JavaScript for execution.

execution

JavaScript

T1059.007

Processes:

ioc	Process
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Xbootclasspath/a:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/../lib/deploy.jar" "-Djava.locale.providers=HOST,JRE,SPI" -Djdk.disableLastUsageTracking "-Xdock:name=Java Control Panel" "-Xdock:icon=/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.prefPane/Contents/Resources/Java7VM.icns" com.sun.deploy.panel.ControlPanel

ioc

Process

"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Xbootclasspath/a:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/../lib/deploy.jar" "-Djava.locale.providers=HOST,JRE,SPI" -Djdk.disableLastUsageTracking "-Xdock:name=Java Control Panel" "-Xdock:icon=/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.prefPane/Contents/Resources/Java7VM.icns" com.sun.deploy.panel.ControlPanel

Resource Forking 1 TTPs 14 IoCs

Adversaries may abuse resource forks to hide malicious code or executables to evade detection and bypass security applications. A resource fork provides applications a structured way to store resources such as thumbnail images, menu definitions, icons, dialog boxes, and code.

evasion

Resource Forking

T1564.009

Processes:

ioc	Process
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd
"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"
/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Xbootclasspath/a:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/../lib/deploy.jar" "-Djava.locale.providers=HOST,JRE,SPI" -Djdk.disableLastUsageTracking "-Xdock:name=Java Control Panel" "-Xdock:icon=/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.prefPane/Contents/Resources/Java7VM.icns" com.sun.deploy.panel.ControlPanel
"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/[email protected]\""
1⤵
PID:456

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/[email protected]\""
1⤵
PID:456

/usr/bin/sudo
sudo /bin/zsh -c "/Users/run/[email protected]"
1⤵
PID:456
- /bin/zsh
  /bin/zsh -c "/Users/run/[email protected]"
  2⤵
  PID:459
- /Users/run/[email protected]
  "/Users/run/[email protected]"
  2⤵
  PID:459

/usr/libexec/xpcproxy
xpcproxy com.apple.nsurlstoraged
1⤵
PID:489

/usr/libexec/nsurlstoraged
/usr/libexec/nsurlstoraged --privileged
1⤵
PID:489

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.2028
1⤵
PID:496

/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
1⤵
PID:496

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.History
1⤵
PID:497

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History
1⤵
PID:497

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.42A5930D-26DE-4386-827B-A2F669EE7A25 496
1⤵
PID:498

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:498

/usr/libexec/xpcproxy
xpcproxy com.apple.SafariLaunchAgent
1⤵
PID:503

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
1⤵
PID:503

/usr/libexec/xpcproxy
xpcproxy com.apple.WebKit.WebContent.EE1C4F40-6360-4153-97E2-99C8C6CAC8F1 496
1⤵
PID:504

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
1⤵
PID:504

/usr/libexec/xpcproxy
xpcproxy com.apple.systemprofiler
1⤵
PID:505

/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information
"/System/Applications/Utilities/System Information.app/Contents/MacOS/System Information"
1⤵
PID:505

/usr/libexec/xpcproxy
xpcproxy com.apple.replayd
1⤵
PID:508

/usr/libexec/replayd
/usr/libexec/replayd
1⤵
PID:508

/usr/libexec/xpcproxy
xpcproxy com.apple.ReportMemoryException
1⤵
PID:509

/usr/libexec/ReportMemoryException
/usr/libexec/ReportMemoryException
1⤵
PID:509

/usr/libexec/xpcproxy
xpcproxy com.apple.storedownloadd
1⤵
PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.installd
1⤵
PID:515

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/installd
1⤵
PID:515

/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/storedownloadd
1⤵
PID:514

/usr/libexec/xpcproxy
xpcproxy com.apple.system_installd
1⤵
PID:516

/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
/System/Library/PrivateFrameworks/PackageKit.framework/Resources/system_installd
1⤵
PID:516

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.CacheDeleteExtension 506
1⤵
PID:517

/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
/Applications/Safari.app/Contents/PlugIns/CacheDeleteExtension.appex/Contents/MacOS/CacheDeleteExtension
1⤵
PID:517

/usr/libexec/xpcproxy
xpcproxy com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:520

/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
1⤵
PID:520

/usr/libexec/xpcproxy
xpcproxy com.apple.messages.StorageManagementExtension 505
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Trash 505
1⤵
PID:522

/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension
"/System/Applications/Messages.app/Contents/PlugIns/Messages Storage Management Extension.appex/Contents/MacOS/Messages Storage Management Extension"
1⤵
PID:521

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.iOSFiles 505
1⤵
PID:523

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/TrashStorageExtension.appex/Contents/MacOS/TrashStorageExtension
1⤵
PID:522

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.GarageBand 505
1⤵
PID:524

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/iOSFilesStorageExtension.appex/Contents/MacOS/iOSFilesStorageExtension
1⤵
PID:523

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/GarageBandStorageExtension.appex/Contents/MacOS/GarageBandStorageExtension
1⤵
PID:524

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.CloudFiles 505
1⤵
PID:525

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.AppleInternal 505
1⤵
PID:526

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/CloudFilesStorageExtension.appex/Contents/MacOS/CloudFilesStorageExtension
1⤵
PID:525

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/AppleInternalStorageExtension.appex/Contents/MacOS/AppleInternalStorageExtension
1⤵
PID:526

/usr/libexec/xpcproxy
xpcproxy com.apple.Photos.StorageManagementExtension 505
1⤵
PID:527

/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension
/System/Applications/Photos.app/Contents/PlugIns/PhotosStorageExtension.appex/Contents/MacOS/PhotosStorageExtension
1⤵
PID:527

/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension
/System/Applications/Podcasts.app/Contents/PlugIns/MacPodcastsStorageExtension.appex/Contents/MacOS/MacPodcastsStorageExtension
1⤵
PID:528

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.OtherUsers 505
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Mail 505
1⤵
PID:530

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension
1⤵
PID:529

/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement
/System/Applications/Mail.app/Contents/PlugIns/MailStorageManagement.appex/Contents/MacOS/MailStorageManagement
1⤵
PID:530

/usr/libexec/xpcproxy
xpcproxy com.apple.CloudDocsDaemon.StorageManagement 505
1⤵
PID:531

/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/PlugIns/CloudDocsStorageManagement.appex/Contents/MacOS/CloudDocsStorageManagement
1⤵
PID:531

/usr/libexec/xpcproxy
xpcproxy com.apple.STMExtension.Applications 505
1⤵
PID:532

/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension
/System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/ApplicationsStorageExtension.appex/Contents/MacOS/ApplicationsStorageExtension
1⤵
PID:532

/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension
/System/Applications/TV.app/Contents/PlugIns/TVStorageExtension.appex/Contents/MacOS/TVStorageExtension
1⤵
PID:533

/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension
/System/Applications/Music.app/Contents/PlugIns/MusicStorageExtension.appex/Contents/MacOS/MusicStorageExtension
1⤵
PID:534

/usr/libexec/xpcproxy
xpcproxy com.apple.iBooksX.DiskSpaceEfficiency
1⤵
PID:535

/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency
/System/Applications/Books.app/Contents/PlugIns/DiskSpaceEfficiency.appex/Contents/MacOS/DiskSpaceEfficiency
1⤵
PID:535

/usr/libexec/xpcproxy
xpcproxy com.apple.CloudPhotosConfiguration
1⤵
PID:536

/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
1⤵
PID:536

/usr/libexec/xpcproxy
xpcproxy com.apple.automountd
1⤵
PID:541

/usr/libexec/automountd
automountd
1⤵
PID:541
- /usr/libexec/od_user_homes
  /usr/libexec/od_user_homes .localized
  2⤵
  PID:542
- /usr/libexec/od_user_homes
  /usr/libexec/od_user_homes .localized
  2⤵
  PID:557

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.2140
1⤵
PID:544

/System/Applications/System Preferences.app/Contents/MacOS/System Preferences
"/System/Applications/System Preferences.app/Contents/MacOS/System Preferences"
1⤵
PID:544

/usr/libexec/xpcproxy
xpcproxy com.apple.AccountProfileRemoteViewService 544
1⤵
PID:545

/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
/System/Library/PrivateFrameworks/AOSUI.framework/Versions/A/XPCServices/AccountProfileRemoteViewService.xpc/Contents/MacOS/AccountProfileRemoteViewService
1⤵
PID:545

/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
/System/Library/PreferencePanes/ClassroomSettings.prefPane/Contents/Resources/ClassroomSettingsVisibilityCheckTool
1⤵
PID:546

/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
/System/Library/PreferencePanes/Profiles.prefPane/Contents/Resources/CPPrefPaneEnabledTool
1⤵
PID:547

/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
/System/Library/PreferencePanes/Sidecar.prefPane/Contents/Resources/sidecarPrefCheck
1⤵
PID:548

/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
/System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref
1⤵
PID:549

/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
/System/Library/PreferencePanes/Wallet.prefPane/Contents/Resources/walletAvailabilityCheckTool
1⤵
PID:550

/usr/libexec/xpcproxy
xpcproxy com.apple.nfcd
1⤵
PID:551

/usr/libexec/nfcd
/usr/libexec/nfcd
1⤵
PID:551

/usr/libexec/xpcproxy
xpcproxy com.apple.installandsetup.systemmigrationd
1⤵
PID:553

/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd
/System/Library/PrivateFrameworks/SystemMigration.framework/Resources/systemmigrationd
1⤵
PID:553

/usr/libexec/xpcproxy
xpcproxy com.apple.storagekitd
1⤵
PID:554

/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd
/System/Library/PrivateFrameworks/StorageKit.framework/Resources/storagekitd
1⤵
PID:554

/usr/libexec/xpcproxy
xpcproxy com.apple.studentd
1⤵
PID:555

/usr/libexec/studentd
/usr/libexec/studentd
1⤵
PID:555

/usr/libexec/xpcproxy
xpcproxy com.apple.iconservices.iconservicesagent
1⤵
PID:556

/System/Library/CoreServices/iconservicesagent
/System/Library/CoreServices/iconservicesagent runAsRoot
1⤵
PID:556

/usr/libexec/xpcproxy
xpcproxy com.apple.systempreferences.legacyLoader 544
1⤵
PID:559

/System/Library/Frameworks/PreferencePanes.framework/Versions/A/XPCServices/legacyLoader.xpc/Contents/MacOS/legacyLoader
/System/Library/Frameworks/PreferencePanes.framework/Versions/A/XPCServices/legacyLoader.xpc/Contents/MacOS/legacyLoader
1⤵
PID:559

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/jcontrol
"/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/jcontrol"
1⤵
PID:560
- /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
  "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" "-Xbootclasspath/a:/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/../lib/deploy.jar" "-Djava.locale.providers=HOST,JRE,SPI" -Djdk.disableLastUsageTracking "-Xdock:name=Java Control Panel" "-Xdock:icon=/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.prefPane/Contents/Resources/Java7VM.icns" com.sun.deploy.panel.ControlPanel
  2⤵
  PID:565

/usr/bin/dirname
dirname "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/jcontrol"
1⤵
PID:564

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump
1⤵
PID:566

/usr/sbin/spindump
/usr/sbin/spindump
1⤵
PID:566

/usr/libexec/xpcproxy
xpcproxy com.apple.spindump_agent
1⤵
PID:567

/usr/libexec/spindump_agent
/usr/libexec/spindump_agent
1⤵
PID:567

/usr/libexec/xpcproxy
xpcproxy com.apple.metadata.mdwrite
1⤵
PID:568

/usr/libexec/xpcproxy
xpcproxy com.apple.preferences.softwareupdate.remoteservice 544
1⤵
PID:569

/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
/System/Library/PreferencePanes/SoftwareUpdate.prefPane/Contents/XPCServices/com.apple.preferences.softwareupdate.remoteservice.xpc/Contents/MacOS/com.apple.preferences.softwareupdate.remoteservice
1⤵
PID:569

/usr/libexec/xpcproxy
xpcproxy com.apple.softwareupdated
1⤵
PID:570

/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated
"/System/Library/CoreServices/Software Update.app/Contents/Resources/softwareupdated"
1⤵
PID:570

/usr/libexec/xpcproxy
xpcproxy com.apple.suhelperd
1⤵
PID:571

/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd
"/System/Library/CoreServices/Software Update.app/Contents/Resources/suhelperd"
1⤵
PID:571

/usr/libexec/xpcproxy
xpcproxy com.apple.Safari.SearchHelper 496
1⤵
PID:574

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.SearchHelper.xpc/Contents/MacOS/com.apple.Safari.SearchHelper
1⤵
PID:574

/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues
/System/Library/SystemConfiguration/PrinterNotifications.bundle/Contents/MacOS/makequeues -z
1⤵
PID:576

/usr/libexec/xpcproxy
xpcproxy com.apple.SoftwareUpdateNotificationManager
1⤵
PID:578

/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
/System/Library/PrivateFrameworks/SoftwareUpdate.framework/Resources/SoftwareUpdateNotificationManager.app/Contents/MacOS/SoftwareUpdateNotificationManager
1⤵
PID:578

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

JavaScript

1

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

1

T1564

Resource Forking

1

T1564.009

Credential Access

Discovery

File and Directory Discovery

1

T1083

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/Library/Printers/InstalledPrinters.plist

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/Library/Printers/InstalledPrinters.plist

Filesize
495B

MD5
3439dcb6d4ce19d3ea022b8bb17cba7a

SHA1
e412c16548b6fcc5fd488315cd70b324ca4d782e

SHA256
aec405d7619e28da751fafd97782015affebdb36e863c58eea2b658551a59e7b

SHA512
8ca944a1a157f6933a5efeea35aa7626d0dd5f6fd4b5d9fe08c3760b39b6f54289e502923ca7616110c468173f0389f2ce1e35899d171bd08873678759aba93b

Download Submit
/var/db/nsurlstoraged/dafsaData.bin

Filesize
54KB

MD5
64f469698e53d0c828b7f90acd306082

SHA1
bcc041b3849e1b0b4104ffeb46002207eeac54f3

SHA256
d74d0e429343f5e1b3e0b9437e048917c4343a30cff068739ea898bad8e37ffd

SHA512
a8334d1304f2fbd32cfd0ca35c289a45c450746cf3be57170cbbe87b723b1910c2e950a73c1fb82de9dc5ed623166d339a05fec3d78b861a9254dc2cb51fab5f

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

Filesize
47KB

MD5
0e4a0d1ceb2af6f0f8d0167ce77be2d3

SHA1
414ba4c1dc5fc8bf53d550e296fd6f5ad669918c

SHA256
cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030

SHA512
1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

Download Submit
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

Filesize
4KB

MD5
d3a1859e6ec593505cc882e6def48fc8

SHA1
f8e6728e3e9de477a75706faa95cead9ce13cb32

SHA256
3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c

SHA512
ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

Download Submit
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/SMIncompatibleAppUpdate/CFNetworkDownload_iagQ9z.tmp

Filesize
324KB

MD5
8ac8e766276bb799857b359b3a4f2347

SHA1
075fe1052e1e6de0a38aaa7711a54e8a77bb65f8

SHA256
a0ee16e403dd8609ce56b56a111b2926b591d368b6e99a41c836beb280dcf687

SHA512
60f88aacc4d89e7a52aa30a469b430f781006fac52b320c2acd05d8f3ace9638a042fa0b0000885293cf6ee391915e7d68ffc656f4056fcb6de3b638d52a6439

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads