Edit tour

macOS Analysis Report
Jacqueline_Dinsmore.pdf

Overview

General Information

Sample name:	Jacqueline_Dinsmore.pdf
Analysis ID:	1525189
MD5:	02c546cf3968743d318fe66c4f9af5b2
SHA1:	d2c564071d69de60469c61624c29acee8a8251df
SHA256:	29807f225357227915f9cd05d17def86b35f19ba81dd512c98a52ee82b891662
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false

Signatures

No high impact signatures.

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525189
Start date and time:	2024-10-03 20:44:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultmacfilecookbook.jbs
Analysis system description:	Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version:	10.14
CPU architecture:	x86_64
Analysis Mode:	default
Sample name:	Jacqueline_Dinsmore.pdf
Detection:	CLEAN
Classification:	clean0.macPDF@0/1@1/0

Warnings

Excluded IPs from analysis (whitelisted): 17.253.3.203, 17.253.3.196, 23.34.248.198, 17.253.97.201, 17.253.97.205, 17.36.200.79, 17.253.27.195, 17.253.27.199, 17.253.97.203, 23.58.90.40
Excluded domains from analysis (whitelisted): mesu-cdn.apple.com.akadns.net, e11408.d.akamaiedge.net, lcdn-locator-usuqo.apple.com.akadns.net, updates.cdn-apple.com.akadns.net, e673.dsce9.akamaiedge.net, help-ar.apple.com.edgekey.net, crl.apple.com, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, mesu-cdn.origin-apple.com.akadns.net, lcdn-locator.apple.com.akadns.net, help.origin-apple.com.akadns.net, lcdn-locator.apple.com, mesu.g.aaplimg.com, updates.g.aaplimg.com, itunes.apple.com.edgekey.net, help.apple.com, mesu.apple.com, init.itunes.apple.com, updates.cdn-apple.com, init-cdn.itunes-apple.com.akadns.net
VT rate limit hit for: Jacqueline_Dinsmore.pdf

Runtime Messages

Command:	open "/Users/bernard/Desktop/Jacqueline_Dinsmore.pdf"
PID:	623
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

System is macvm-mojave

xpcproxy New Fork (PID: 615, Parent: 1)

nsurlstoraged (MD5: 321b0a40e24b45f0af49ba42742b3f64) Arguments: /usr/libexec/nsurlstoraged --privileged

mono-sgen32 New Fork (PID: 623, Parent: 537)

open (MD5: 34bd93241fa5d2aee225941b1ca14fa4) Arguments: /usr/bin/open /Users/bernard/Desktop/Jacqueline_Dinsmore.pdf

xpcproxy New Fork (PID: 624, Parent: 1)

Preview (MD5: 6d42705dd70a79028f5961c87a79b9ce) Arguments: /Applications/Preview.app/Contents/MacOS/Preview

xpcproxy New Fork (PID: 646, Parent: 1)

eficheck (MD5: 328beb81a2263449258057506bb4987f) Arguments: /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49401 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.199.67
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.101.13
Source: unknown	TCP traffic detected without corresponding DNS query: 104.76.101.13
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net

Source: unknown	Network traffic detected: HTTP traffic on port 49351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49384
Source: unknown	Network traffic detected: HTTP traffic on port 49393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown	Network traffic detected: HTTP traffic on port 49395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49381
Source: unknown	Network traffic detected: HTTP traffic on port 49401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49395
Source: unknown	Network traffic detected: HTTP traffic on port 49394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49394
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 49396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49349

Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49381 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49383 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49394 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49401 version: TLS 1.2

Source: classification engine

Classification label: clean0.macPDF@0/1@1/0

Source: /Applications/Preview.app/Contents/MacOS/Preview (PID: 624)	Random device file read: /dev/random			Jump to behavior
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 646)	Random device file read: /dev/random			Jump to behavior

Source: /Applications/Preview.app/Contents/MacOS/Preview (PID: 624)

AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist

Jump to behavior

Source: /usr/bin/open (PID: 623)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior
Source: /Applications/Preview.app/Contents/MacOS/Preview (PID: 624)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
h3.apis.apple.map.fastly.net	151.101.3.6	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.76.101.13	unknown	United States	16625	AKAMAI-ASUS	false
151.101.3.6	h3.apis.apple.map.fastly.net	United States	54113	FASTLYUS	false
151.101.195.6	unknown	United States	54113	FASTLYUS	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.76.101.13	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bxn--dic%C2%ADesisdeba%C2%ADrin%C2%ADas%C2%AD-6%C2%ADu%C2%ADb.%E2%80%8Bor%C2%ADg%2Fsys%2Fcss%2FvzEOd74Ux6iYa/YWxldGhpYS5oZXJtb3NpbGxvQHdyaS5vcmc=	Get hash	malicious	Unknown	Browse
	https://buildsend.com/ws/1.0/viewimage.aspx?c=bs3bElnjM35cIuYS0jC44KF5xlV9G0&i=337660&ct=application/url&f=People%20who%20test%20positive%20or%20were%20exposed&url=https://ecv.microsoft.com/IC2qMWnkhV	Get hash	malicious	Unknown	Browse
	iVI0909jHM.dmg	Get hash	malicious	AMOS Stealer	Browse
151.101.3.6	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl1bBkz1ufgENuAZF1ODXRkOEXcot-2BlieaBFtd0IhXM08Jp__OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOxzyaiykDuoFljiX91jkOGF7TGq8s59HY1LfNpqOHr1hEZu4XswpdGfGTbIsw4Mg7Ewx-2FAzTwbYOEI5c5W9xQE63UMPeYSBL2GJwQizVTVETCyjhoaIq4ot5vl7L-2BMO3KbJCX7vVUyT6NGOFhbY99Ap0lxFmjxSsCRRr7CrNGrevXE9jp8IJyovKPHHX6-2FxnVR-2BVdKd5S1Zkq94QkyDWCs9lCPSQ3LNxOSscF1edS7fTz6-2Bswo-2FZW2dAOCyCTKBxs-3D#Ymhhc2thci5zYW1iYXNpdmFuQHNhYW1hLmNvbQ==	Get hash	malicious	Unknown	Browse
	https://b3dc9.dynv6.net/en-nz/itunes-gift-card-scams	Get hash	malicious	Unknown	Browse
	https://b3dc9.dynv6.net/en-uz/watch	Get hash	malicious	Unknown	Browse
	EACA1218AC7D98866DFE1F45785598942394234D.html	Get hash	malicious	Unknown	Browse
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bxn--dic%C2%ADesisdeba%C2%ADrin%C2%ADas%C2%AD-6%C2%ADu%C2%ADb.%E2%80%8Bor%C2%ADg%2Fsys%2Fcss%2FvzEOd74Ux6iYa/YWxldGhpYS5oZXJtb3NpbGxvQHdyaS5vcmc=	Get hash	malicious	Unknown	Browse
	https://www.rashakhodro.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWJ6RkxWV3c9JnVpZD1VU0VSMTUwOTIwMjRVMTUwOTE1NDQ=N0123Ninfo@colemanenv.com	Get hash	malicious	Unknown	Browse
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse
	VFtaM6iwOv	Get hash	malicious	Unknown	Browse
	extracted-pkg.ziphttps://fluencydirect-distro.s3.amazonaws.com/releases.macOS/FluencyDirect-11.0.10.40.pkg	Get hash	malicious	Unknown	Browse
	NX76Su3VOr	Get hash	malicious	Unknown	Browse
151.101.195.6	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse
	https://b3dc9.dynv6.net/en-uz/mac	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFpWmkQCuyRKVYuXTODipkw1peyOsy7fzch2Qnjjx9TPdQLyq_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOGY47MMsA28ivpkfbUZ4Lg9A-2BpxdwxU5dKnUeajmF4HirYei02RaLjIoVpk4gyUMhgj92hT-2FHMQ8mxdm73E1rDJWG4U3srGJQAD6HJNqRuM2BNyhWi1cyQGPjs9bNnt3sCHX9HQ-2B1vlq1IrWdBpEUzmyiy7qWzbIHuomspNWnTuqZh3GX5k14qG6xYuxyW10TSL-2Fdyl0iPN0SOJtTt8-2FwmWJD-2F8w79oLdqJEekHbPrO-2B0v5UFAy7DfQgXJdU4VdPg-3D	Get hash	malicious	Unknown	Browse
	EACA1218AC7D98866DFE1F45785598942394234D.html	Get hash	malicious	Unknown	Browse
	http://grifon.info/announce?info_hash=%08%95%AE%D1m%DD%1A%0B%CEo%C0%27%3Af%7B%14sf%3FC&peer_id=-AZ5770-SNhwkI5WcC8E&supportcrypto=1&port=51797&azudp=51797&uploaded=0&downloaded=0&left=243670495&corrupt=0&event=started&numwant=75&no_peer_id=1&compact=1&key=j9C8cT74&azver=3(87.236.16.208)	Get hash	malicious	Unknown	Browse
	https://lookerstudio.google.com/reporting/d787ae12-bf74-43b9-af2f-d8d57b4065f6/page/RpuBE?s=t1OjWts8lSQ	Get hash	malicious	Unknown	Browse
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse
	VFtaM6iwOv	Get hash	malicious	Unknown	Browse
	https://ab5.dultzman.ru/453661207694068nTmWxOZPLYNVYOTMBINCEQSANMABCGVTBFIXRSRIKIYCZTF	Get hash	malicious	Unknown	Browse
	https://eu2.contabostorage.com/0f057bf4d91340d3ae18d5f31372fa7e:new/document.html#rthurston@democracyforward.org	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
h3.apis.apple.map.fastly.net	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse	151.101.195.6
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl1bBkz1ufgENuAZF1ODXRkOEXcot-2BlieaBFtd0IhXM08Jp__OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOxzyaiykDuoFljiX91jkOGF7TGq8s59HY1LfNpqOHr1hEZu4XswpdGfGTbIsw4Mg7Ewx-2FAzTwbYOEI5c5W9xQE63UMPeYSBL2GJwQizVTVETCyjhoaIq4ot5vl7L-2BMO3KbJCX7vVUyT6NGOFhbY99Ap0lxFmjxSsCRRr7CrNGrevXE9jp8IJyovKPHHX6-2FxnVR-2BVdKd5S1Zkq94QkyDWCs9lCPSQ3LNxOSscF1edS7fTz6-2Bswo-2FZW2dAOCyCTKBxs-3D#Ymhhc2thci5zYW1iYXNpdmFuQHNhYW1hLmNvbQ==	Get hash	malicious	Unknown	Browse	151.101.3.6
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse	151.101.131.6
	https://b3dc9.dynv6.net/en-tj/iphone	Get hash	malicious	Unknown	Browse	151.101.131.6
	https://b3dc9.dynv6.net/en-nz/itunes-gift-card-scams	Get hash	malicious	Unknown	Browse	151.101.3.6
	https://b3dc9.dynv6.net/en-uz/mac	Get hash	malicious	Unknown	Browse	151.101.195.6
	https://b3dc9.dynv6.net/en-uz/watch	Get hash	malicious	Unknown	Browse	151.101.3.6
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFpWmkQCuyRKVYuXTODipkw1peyOsy7fzch2Qnjjx9TPdQLyq_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOGY47MMsA28ivpkfbUZ4Lg9A-2BpxdwxU5dKnUeajmF4HirYei02RaLjIoVpk4gyUMhgj92hT-2FHMQ8mxdm73E1rDJWG4U3srGJQAD6HJNqRuM2BNyhWi1cyQGPjs9bNnt3sCHX9HQ-2B1vlq1IrWdBpEUzmyiy7qWzbIHuomspNWnTuqZh3GX5k14qG6xYuxyW10TSL-2Fdyl0iPN0SOJtTt8-2FwmWJD-2F8w79oLdqJEekHbPrO-2B0v5UFAy7DfQgXJdU4VdPg-3D	Get hash	malicious	Unknown	Browse	151.101.131.6
	EACA1218AC7D98866DFE1F45785598942394234D.html	Get hash	malicious	Unknown	Browse	151.101.3.6
	https://www.rashakhodro.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWJ6RkxWV3c9JnVpZD1VU0VSMTUwOTIwMjRVMTUwOTE1NDQ=N0123Ninfo@colemanenv.com	Get hash	malicious	Unknown	Browse	151.101.3.6

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
FASTLYUS	3wtD2jXnxy.exe	Get hash	malicious	RedLine, STRRAT	Browse	199.232.196.209
	https://www.calameo.com/read/0077804248b46bb5a7c19	Get hash	malicious	HtmlDropper	Browse	151.101.66.137
	https://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg-2BtYQAbYWaU-2BKDDWa611GxHig-2BgElXnUy1eAOeNoTI9ToS9WuAxRUdR21lAIsTPE0g-3D-3Dd8kL_bf4JG6rVotaFp8XsYJMcbHq5p6ju5xz6OkJFWJQMhev1YsQkFFV7zJr96yz5256BnjjwP-2FrVNKeomJDukUeXnM2-2FUbrpvrFpNFdN8Hxo-2B8NA1G5PPzQiWnVnq4RPrf4MxseS-2FjeJBGe3OOYXNXxDmns1gfYeFwrIC6tXtQ3KJv23PKABAyqpBB-2FnsXl7BropPMbry14s3UYpaAeg1aJih0NQeQpVSOm5MBDYOXEHCyJCtLrpoW6SuZeJlGeeWyYAhbotSAdFsjwH5JN5fjIYp-2BMzHm9VPykPI2oeKmW91mIcQqO5YJ1dVv925b7N0T1v	Get hash	malicious	Unknown	Browse	151.101.65.195
	http://reviewnewdocuments.wordpress.com/	Get hash	malicious	Unknown	Browse	151.101.129.140
	https://links.truthsocial.com/link/113203933939427541	Get hash	malicious	Unknown	Browse	151.101.194.137
	Notaire-document.html	Get hash	malicious	Unknown	Browse	151.101.66.137
	voicemaiVOIP_1002202474911222280000000082autoresponse.htm	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://trello.com/c/HA4sCE32	Get hash	malicious	HTMLPhisher	Browse	199.232.188.157
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Phisher	Browse	151.101.194.137
	http://arcor.cfd	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
AKAMAI-ASUS	c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dll	Get hash	malicious	LummaC	Browse	104.102.49.254
	75c6a7ee973b556a2a3914a9e4b18bc019636e70fb6f4c2f8c6f7da0af050cbb.7z	Get hash	malicious	Unknown	Browse	23.201.253.231
	0a839761915d.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Activator by URKE v2.5.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.102.49.254
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Phisher	Browse	184.28.90.27
	http://arcor.cfd	Get hash	malicious	HTMLPhisher	Browse	104.78.188.188
	Message_2484922.eml	Get hash	malicious	Unknown	Browse	184.28.90.27
	https://terryatchison-my.sharepoint.com/:f:/g/personal/terry_terryatchison_com_au/ElPLLTBYg_xBi3psE6F6HW0BDiAPLHOUdwoTRpPTGgsocg?e=hlVHMO	Get hash	malicious	Unknown	Browse	23.38.98.96
	file.exe	Get hash	malicious	Vidar	Browse	104.102.49.254
FASTLYUS	3wtD2jXnxy.exe	Get hash	malicious	RedLine, STRRAT	Browse	199.232.196.209
	https://www.calameo.com/read/0077804248b46bb5a7c19	Get hash	malicious	HtmlDropper	Browse	151.101.66.137
	https://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg-2BtYQAbYWaU-2BKDDWa611GxHig-2BgElXnUy1eAOeNoTI9ToS9WuAxRUdR21lAIsTPE0g-3D-3Dd8kL_bf4JG6rVotaFp8XsYJMcbHq5p6ju5xz6OkJFWJQMhev1YsQkFFV7zJr96yz5256BnjjwP-2FrVNKeomJDukUeXnM2-2FUbrpvrFpNFdN8Hxo-2B8NA1G5PPzQiWnVnq4RPrf4MxseS-2FjeJBGe3OOYXNXxDmns1gfYeFwrIC6tXtQ3KJv23PKABAyqpBB-2FnsXl7BropPMbry14s3UYpaAeg1aJih0NQeQpVSOm5MBDYOXEHCyJCtLrpoW6SuZeJlGeeWyYAhbotSAdFsjwH5JN5fjIYp-2BMzHm9VPykPI2oeKmW91mIcQqO5YJ1dVv925b7N0T1v	Get hash	malicious	Unknown	Browse	151.101.65.195
	http://reviewnewdocuments.wordpress.com/	Get hash	malicious	Unknown	Browse	151.101.129.140
	https://links.truthsocial.com/link/113203933939427541	Get hash	malicious	Unknown	Browse	151.101.194.137
	Notaire-document.html	Get hash	malicious	Unknown	Browse	151.101.66.137
	voicemaiVOIP_1002202474911222280000000082autoresponse.htm	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://trello.com/c/HA4sCE32	Get hash	malicious	HTMLPhisher	Browse	199.232.188.157
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	Phisher	Browse	151.101.194.137
	http://arcor.cfd	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
5c118da645babe52f060d0754256a73c	GlobalProtect-6.3.1.pkg	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl1bBkz1ufgENuAZF1ODXRkOEXcot-2BlieaBFtd0IhXM08Jp__OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOxzyaiykDuoFljiX91jkOGF7TGq8s59HY1LfNpqOHr1hEZu4XswpdGfGTbIsw4Mg7Ewx-2FAzTwbYOEI5c5W9xQE63UMPeYSBL2GJwQizVTVETCyjhoaIq4ot5vl7L-2BMO3KbJCX7vVUyT6NGOFhbY99Ap0lxFmjxSsCRRr7CrNGrevXE9jp8IJyovKPHHX6-2FxnVR-2BVdKd5S1Zkq94QkyDWCs9lCPSQ3LNxOSscF1edS7fTz6-2Bswo-2FZW2dAOCyCTKBxs-3D#Ymhhc2thci5zYW1iYXNpdmFuQHNhYW1hLmNvbQ==	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFpWmkQCuyRKVYuXTODipkw1peyOsy7fzch2Qnjjx9TPdQLyq_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOGY47MMsA28ivpkfbUZ4Lg9A-2BpxdwxU5dKnUeajmF4HirYei02RaLjIoVpk4gyUMhgj92hT-2FHMQ8mxdm73E1rDJWG4U3srGJQAD6HJNqRuM2BNyhWi1cyQGPjs9bNnt3sCHX9HQ-2B1vlq1IrWdBpEUzmyiy7qWzbIHuomspNWnTuqZh3GX5k14qG6xYuxyW10TSL-2Fdyl0iPN0SOJtTt8-2FwmWJD-2F8w79oLdqJEekHbPrO-2B0v5UFAy7DfQgXJdU4VdPg-3D	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	EACA1218AC7D98866DFE1F45785598942394234D.html	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	http://grifon.info/announce?info_hash=%08%95%AE%D1m%DD%1A%0B%CEo%C0%27%3Af%7B%14sf%3FC&peer_id=-AZ5770-SNhwkI5WcC8E&supportcrypto=1&port=51797&azudp=51797&uploaded=0&downloaded=0&left=243670495&corrupt=0&event=started&numwant=75&no_peer_id=1&compact=1&key=j9C8cT74&azver=3(87.236.16.208)	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bxn--dic%C2%ADesisdeba%C2%ADrin%C2%ADas%C2%AD-6%C2%ADu%C2%ADb.%E2%80%8Bor%C2%ADg%2Fsys%2Fcss%2FvzEOd74Ux6iYa/YWxldGhpYS5oZXJtb3NpbGxvQHdyaS5vcmc=	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	https://www.rashakhodro.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWJ6RkxWV3c9JnVpZD1VU0VSMTUwOTIwMjRVMTUwOTE1NDQ=N0123Ninfo@colemanenv.com	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	https://lookerstudio.google.com/reporting/d787ae12-bf74-43b9-af2f-d8d57b4065f6/page/RpuBE?s=t1OjWts8lSQ	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6
	https://topawardpicks.top	Get hash	malicious	Unknown	Browse	151.101.3.6 151.101.195.6

Dropped Files

⊘No context

Created / dropped Files

/dev/null

Download File

Process:	/Applications/Preview.app/Contents/MacOS/Preview
File Type:	ASCII text, with very long lines (412)
Category:	dropped
Size (bytes):	686
Entropy (8bit):	5.192434293895196
Encrypted:	false
SSDEEP:	12:GJjPXrNfKtrPtXhF4FSy7kf9UoyFf9UXQzUQljleVKsh:GhxuzBhF4FD7kFAFTxlAVr
MD5:	6E7775C290DA86E35382620E87816345
SHA1:	0E760117C61C5E40ADC3E4093992BA10B94BC0B3
SHA-256:	74CF23EFBA9475D8E909BA614D3A5FC4A103D19C1C36F64759C06359CC536FDA
SHA-512:	D9125AC618E41392B0DF3B1B5FE6EAE519A6C3B8D1AE74BF55B0A713207A057FBB19CA9F6C3E7B1FCD74A8657E276F242CD47E795F12FC20316B8D4783C8BB20
Malicious:	false
Reputation:	low
Preview:	2024-10-03 13:45:13.569 Preview[624:5026] ApplePersistence=NO.2024-10-03 13:45:14.471 Preview[624:5026] WARNING: The SplitView is not layer-backed, but trying to use overlay sidebars.. implicitly layer-backing for now. Please file a radar against this app if you see this..objc[624]: Class FIFinderSyncExtensionHost is implemented in both /System/Library/PrivateFrameworks/FinderKit.framework/Versions/A/FinderKit (0x7fffacd91210) and /System/Library/PrivateFrameworks/FileProvider.framework/OverrideBundles/FinderSyncCollaborationFileProviderOverride.bundle/Contents/MacOS/FinderSyncCollaborationFileProviderOverride (0x10fa49dc8). One of the two will be used. Which one is undefined..

Static File Info

General

File type:	PDF document, version 1.4, 0 pages
Entropy (8bit):	7.723930723540299
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Jacqueline_Dinsmore.pdf
File size:	24'425 bytes
MD5:	02c546cf3968743d318fe66c4f9af5b2
SHA1:	d2c564071d69de60469c61624c29acee8a8251df
SHA256:	29807f225357227915f9cd05d17def86b35f19ba81dd512c98a52ee82b891662
SHA512:	149cded252d50c3a2e564e5541e676ae09c88b77823c574f122552b43f971dd3848ff1926fd629b8cd3c7605de8e5ad658a3b49648a07a52ebd2e9be99e44f5e
SSDEEP:	384:v84e677XeYl7j2vQ6/bV9yMc+kxz3bCUSvIIh1u/zYRnayDB4uACUSy:v8JsTeYl67/b2j++sIIh1+YRayiN
TLSH:	28B29F69E8D81C4DE8E3D736B5B5391E443DF1138AE4AA9170320B067918F946D33AAF
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241003164712+02'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.723931
Total Bytes:	24425
Stream Entropy:	7.925023
Stream Bytes:	19948
Entropy outside Streams:	5.159128
Bytes outside Streams:	4477
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	32
endobj	32
stream	7
endstream	7
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
6	2000307161a01000	c5c672eee1dd3277b52449864c04bb69
8	0000000000000000	7770adc8629bda31a7e109b7824bb9c3

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 20:45:07.502757072 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.507560968 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.507761955 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.507827044 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.508121014 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.508471012 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.549818039 CEST	443	49349	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.549905062 CEST	443	49349	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.550668001 CEST	49349	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.598086119 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.599069118 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.602483034 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.602722883 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.602979898 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.602998018 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.603010893 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.603565931 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.603610992 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.603635073 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.604490995 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.604490995 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.605117083 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.609781981 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.609811068 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.610583067 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.610583067 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.616368055 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.616396904 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.617027044 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.617479086 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.623241901 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.623274088 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.624084949 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.624496937 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.629852057 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.629889965 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.630892038 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.631386042 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.636374950 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.636440992 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.637198925 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.637339115 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.643177986 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.643233061 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.644376040 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.644613028 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.649909973 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.649982929 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.650661945 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.650758982 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.698148012 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.699137926 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.699240923 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.699373007 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.699489117 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.699557066 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.699668884 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.699724913 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.702545881 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.702567101 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.702629089 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.702629089 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.702672005 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.702712059 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.702919006 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.703177929 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.703552008 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.703826904 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.709094048 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:07.710134983 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:07.711016893 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:07.805641890 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.805720091 CEST	443	49351	151.101.195.6	192.168.11.12
Oct 3, 2024 20:45:07.806617022 CEST	49351	443	192.168.11.12	151.101.195.6
Oct 3, 2024 20:45:08.114694118 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:08.208801985 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:09.376574993 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:09.381747961 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:09.470895052 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:09.471796036 CEST	49348	443	192.168.11.12	17.248.199.67
Oct 3, 2024 20:45:09.475959063 CEST	443	49348	17.248.199.67	192.168.11.12
Oct 3, 2024 20:45:41.221081018 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.221240044 CEST	443	49381	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:41.222009897 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.231127024 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.231249094 CEST	443	49381	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:41.466799974 CEST	443	49381	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:41.467650890 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.467652082 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.800848007 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.801034927 CEST	443	49381	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:41.801450968 CEST	443	49381	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:41.801631927 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.802036047 CEST	49381	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.862555981 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.862689972 CEST	443	49382	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:41.863451958 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.869205952 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:41.869307041 CEST	443	49382	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.086541891 CEST	443	49382	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.087444067 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.087444067 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.102118015 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.102317095 CEST	443	49382	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.102747917 CEST	443	49382	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.103207111 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.103260994 CEST	49382	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.175354958 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.175513029 CEST	443	49383	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.176203966 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.177165031 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.177248001 CEST	443	49383	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.380158901 CEST	443	49383	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.381211996 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.381211996 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.395076990 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.395222902 CEST	443	49383	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.395513058 CEST	443	49383	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.396130085 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.396275043 CEST	49383	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.447283030 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.447441101 CEST	443	49384	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.448339939 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.459888935 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.460011005 CEST	443	49384	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.677143097 CEST	443	49384	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.678308964 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.678308964 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.701940060 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.702163935 CEST	443	49384	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.702738047 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:45:42.702800035 CEST	443	49384	151.101.3.6	192.168.11.12
Oct 3, 2024 20:45:42.703350067 CEST	49384	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:05.766094923 CEST	49344	80	192.168.11.12	104.76.101.13
Oct 3, 2024 20:46:05.860744953 CEST	80	49344	104.76.101.13	192.168.11.12
Oct 3, 2024 20:46:05.861463070 CEST	49344	80	192.168.11.12	104.76.101.13
Oct 3, 2024 20:46:23.417032957 CEST	49392	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.417192936 CEST	443	49392	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.418138981 CEST	49392	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.418781996 CEST	49392	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.418879986 CEST	443	49392	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.626631975 CEST	443	49392	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.627619028 CEST	49392	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.627619028 CEST	49392	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.636154890 CEST	49392	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.636482954 CEST	443	49392	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.637151957 CEST	49392	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.666076899 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.666234016 CEST	443	49393	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.667118073 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.669646025 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.669768095 CEST	443	49393	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.879239082 CEST	443	49393	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.880110979 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.880229950 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.892438889 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.892774105 CEST	443	49393	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.893421888 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.893495083 CEST	443	49393	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.894084930 CEST	49393	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.925043106 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.925200939 CEST	443	49394	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:23.926018953 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.927103043 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:23.927221060 CEST	443	49394	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.125005960 CEST	443	49394	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.125849009 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.125849009 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.131783009 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.131922007 CEST	443	49394	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.132163048 CEST	443	49394	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.132693052 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.132949114 CEST	49394	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.147746086 CEST	49395	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.147805929 CEST	443	49395	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.148726940 CEST	49395	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.149601936 CEST	49395	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.149665117 CEST	443	49395	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.351336002 CEST	443	49395	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.352286100 CEST	49395	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.352286100 CEST	49395	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.359802008 CEST	49395	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:24.360089064 CEST	443	49395	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:24.360697985 CEST	49395	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.422388077 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.422564983 CEST	443	49396	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:45.423397064 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.426162004 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.426307917 CEST	443	49396	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:45.665993929 CEST	443	49396	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:45.666919947 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.666919947 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.697381020 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.697674990 CEST	443	49396	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:45.698246956 CEST	443	49396	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:45.698245049 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.698836088 CEST	49396	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.842804909 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.842983961 CEST	443	49398	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:45.843852043 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.844796896 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:45.844926119 CEST	443	49398	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:46.051387072 CEST	443	49398	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:46.052217960 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.052310944 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.060295105 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.060422897 CEST	443	49398	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:46.060698032 CEST	443	49398	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:46.061135054 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.061435938 CEST	49398	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.899003983 CEST	49401	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.899162054 CEST	443	49401	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:46.900314093 CEST	49401	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.901438951 CEST	49401	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:46.901557922 CEST	443	49401	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:47.106925011 CEST	443	49401	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:47.107763052 CEST	49401	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:47.107763052 CEST	49401	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:47.113481998 CEST	49401	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:47.113626957 CEST	443	49401	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:47.113910913 CEST	443	49401	151.101.3.6	192.168.11.12
Oct 3, 2024 20:46:47.114443064 CEST	49401	443	192.168.11.12	151.101.3.6
Oct 3, 2024 20:46:47.114484072 CEST	49401	443	192.168.11.12	151.101.3.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 20:45:29.415402889 CEST	53	59261	1.1.1.1	192.168.11.12
Oct 3, 2024 20:46:23.316263914 CEST	57878	53	192.168.11.12	1.1.1.1
Oct 3, 2024 20:46:23.411510944 CEST	53	57878	1.1.1.1	192.168.11.12

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 20:46:23.316263914 CEST	192.168.11.12	1.1.1.1	0x62b9	Standard query (0)	h3.apis.apple.map.fastly.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 20:46:23.411510944 CEST	1.1.1.1	192.168.11.12	0x62b9	No error (0)	h3.apis.apple.map.fastly.net	151.101.3.6	A (IP address)	IN (0x0001)	false
Oct 3, 2024 20:46:23.411510944 CEST	1.1.1.1	192.168.11.12	0x62b9	No error (0)	h3.apis.apple.map.fastly.net	151.101.195.6	A (IP address)	IN (0x0001)	false
Oct 3, 2024 20:46:23.411510944 CEST	1.1.1.1	192.168.11.12	0x62b9	No error (0)	h3.apis.apple.map.fastly.net	151.101.67.6	A (IP address)	IN (0x0001)	false
Oct 3, 2024 20:46:23.411510944 CEST	1.1.1.1	192.168.11.12	0x62b9	No error (0)	h3.apis.apple.map.fastly.net	151.101.131.6	A (IP address)	IN (0x0001)	false

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Oct 3, 2024 20:45:07.699557066 CEST	151.101.195.6	443	192.168.11.12	49351	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 26 15:47:44 CEST 2024 Wed Apr 29 14:54:50 CEST 2020	Thu Dec 19 19:00:57 CET 2024 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Oct 3, 2024 20:45:07.699557066 CEST	151.101.195.6	443	192.168.11.12	49351	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c

System Behavior

Analysis Process: xpcproxy PID: 615, Parent PID: 1

General

Start time (UTC):	18:45:06
Start date (UTC):	03/10/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Chronological Activities

Analysis Process: nsurlstoraged PID: 615, Parent PID: 1

General

Start time (UTC):	18:45:06
Start date (UTC):	03/10/2024
Path:	/usr/libexec/nsurlstoraged
Arguments:	/usr/libexec/nsurlstoraged --privileged
File size:	246624 bytes
MD5 hash:	321b0a40e24b45f0af49ba42742b3f64

Chronological Activities

Analysis Process: mono-sgen32 PID: 623, Parent PID: 537

General

Start time (UTC):	18:45:12
Start date (UTC):	03/10/2024
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

Chronological Activities

Analysis Process: open PID: 623, Parent PID: 537

General

Start time (UTC):	18:45:12
Start date (UTC):	03/10/2024
Path:	/usr/bin/open
Arguments:	/usr/bin/open /Users/bernard/Desktop/Jacqueline_Dinsmore.pdf
File size:	105952 bytes
MD5 hash:	34bd93241fa5d2aee225941b1ca14fa4

Chronological Activities

Analysis Process: xpcproxy PID: 624, Parent PID: 1

General

Start time (UTC):	18:45:12
Start date (UTC):	03/10/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Chronological Activities

Analysis Process: Preview PID: 624, Parent PID: 1

General

Start time (UTC):	18:45:12
Start date (UTC):	03/10/2024
Path:	/Applications/Preview.app/Contents/MacOS/Preview
Arguments:	/Applications/Preview.app/Contents/MacOS/Preview
File size:	2730496 bytes
MD5 hash:	6d42705dd70a79028f5961c87a79b9ce

Chronological Activities

Analysis Process: xpcproxy PID: 646, Parent PID: 1

General

Start time (UTC):	18:46:43
Start date (UTC):	03/10/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

Chronological Activities

Analysis Process: eficheck PID: 646, Parent PID: 1

General

Start time (UTC):	18:46:43
Start date (UTC):	03/10/2024
Path:	/usr/libexec/firmwarecheckers/eficheck/eficheck
Arguments:	/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
File size:	74048 bytes
MD5 hash:	328beb81a2263449258057506bb4987f

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

macOS Analysis Report Jacqueline_Dinsmore.pdf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/dev/null

Static File Info

General

Static PDF Info

General

Keywords Statistics

Image Streams

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Connections

System Behavior

Analysis Process: xpcproxy PID: 615, Parent PID: 1

General

Chronological Activities

Analysis Process: nsurlstoraged PID: 615, Parent PID: 1

General

Chronological Activities

Analysis Process: mono-sgen32 PID: 623, Parent PID: 537

General

Chronological Activities

Analysis Process: open PID: 623, Parent PID: 537

General

Chronological Activities

Analysis Process: xpcproxy PID: 624, Parent PID: 1

General

Chronological Activities

Analysis Process: Preview PID: 624, Parent PID: 1

General

Chronological Activities

Analysis Process: xpcproxy PID: 646, Parent PID: 1

General

macOS Analysis Report
Jacqueline_Dinsmore.pdf