Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

Jacqueline_Dinsmore.pdf

PDF document, version 1.4, 0 pages

initial sample

Details

Filetype:	PDF document, version 1.4, 0 pages
Entropy:	7.723930723540299
Filename:	Jacqueline_Dinsmore.pdf
Filesize:	24425
MD5:	02c546cf3968743d318fe66c4f9af5b2
SHA1:	d2c564071d69de60469c61624c29acee8a8251df
SHA256:	29807f225357227915f9cd05d17def86b35f19ba81dd512c98a52ee82b891662
SHA512:	149cded252d50c3a2e564e5541e676ae09c88b77823c574f122552b43f971dd3848ff1926fd629b8cd3c7605de8e5ad658a3b49648a07a52ebd2e9be99e44f5e
SSDEEP:	384:v84e677XeYl7j2vQ6/bV9yMc+kxz3bCUSvIIh1u/zYRnayDB4uACUSy:v8JsTeYl67/b2j++sIIh1+YRayiN
Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241003164712+02'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo

/dev/null

ASCII text, with very long lines (412)

dropped

Details

File:	/dev/null
Category:	dropped
Dump:	null.261.dr
ID:	dr_0
Target ID:	261
Process:	/Applications/Preview.app/Contents/MacOS/Preview
Type:	ASCII text, with very long lines (412)
Entropy:	5.192434293895196
Encrypted:	false
Ssdeep:	12:GJjPXrNfKtrPtXhF4FSy7kf9UoyFf9UXQzUQljleVKsh:GhxuzBhF4FD7kFAFTxlAVr
Size:	686
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

/usr/libexec/xpcproxy

/usr/libexec/nsurlstoraged

/usr/libexec/nsurlstoraged --privileged

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/usr/bin/open

/usr/bin/open /Users/bernard/Desktop/Jacqueline_Dinsmore.pdf

/usr/libexec/xpcproxy

/Applications/Preview.app/Contents/MacOS/Preview

/usr/libexec/xpcproxy

/usr/libexec/firmwarecheckers/eficheck/eficheck

/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

Domains

Name

Malicious

h3.apis.apple.map.fastly.net

151.101.3.6

Details

Name:	h3.apis.apple.map.fastly.net
IP:	151.101.3.6
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

104.76.101.13

unknown

United States

Details

IP:	104.76.101.13
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

151.101.3.6

h3.apis.apple.map.fastly.net

United States

Details

IP:	151.101.3.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false
Domain:	h3.apis.apple.map.fastly.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.195.6

unknown

United States

Details

IP:	151.101.195.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Jacqueline_Dinsmore.pdf

Files

Processes

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportJacqueline_Dinsmore.pdf

Files

Processes

Domains

IPs

IOC Report
Jacqueline_Dinsmore.pdf