URL: | https://zoom.us/j/979770978 |
Full analysis: | https://app.any.run/tasks/c527fd27-ee97-41d3-8557-7d8937234929 |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 09:13:34 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 0E128B4F6E103E3EE7419C6E8BA2111A |
SHA1: | D72968A6B04B76A853F74CFA988ACFDEC2898A33 |
SHA256: | 0304737BDAF2F27924B36737B73049E86F32E99170B15C206515D0A7BA37F50D |
SSDEEP: | 3:N88LWSSX:28LWSK |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2240 | "C:\Program Files\Internet Explorer\iexplore.exe" https://zoom.us/j/979770978 | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2108 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2240 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3016 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe | iexplore.exe | |
User: admin Company: Zoom Video Communications, Inc. Integrity Level: MEDIUM Description: Zoom Opener Exit code: 0 Version: 5,0,26188,0601 | ||||
3968 | "C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=66012 | C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe | |
User: admin Company: Zoom Video Communications, Inc. Integrity Level: MEDIUM Description: Zoom Installer Exit code: 0 Version: 5,2,42619,0804 | ||||
2852 | "C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" /addfwexception --bin_home="C:\Users\admin\AppData\Roaming\Zoom\bin" | C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe | Installer.exe | |
User: admin Company: Zoom Video Communications, Inc. Integrity Level: HIGH Description: Zoom Installer Exit code: 0 Version: 5,2,42619,0804 | ||||
280 | "C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=zoom.us&h.path=join&confid=dXNzPTdJWk5LMFJkYmtxQ1gyeHhfTTViWEpzZWd4Z0tMNG5pNWtNSHBwSmU2Y2N4SEczM0F3VWFWQk5wSjlzbkpGUU5XM3hDYmhFOE5jbU0uenFfenlMN01Qc01fRXRGVSZ0aWQ9NzBiYzgxMTJjZWZmNDRjN2E0MzlhYzgxMWFmNTQ0ZDE%3D&mcv=0.92.11227.0929&stype=0&zc=64&browser=msie&action=join&confno=979770978" | C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe | Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe | |
User: admin Company: Zoom Video Communications, Inc. Integrity Level: MEDIUM Description: Zoom Meetings Version: 5,2,42619,0804 | ||||
1984 | "C:\Users\admin\AppData\Local\Temp\zm3BCC.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe | C:\Users\admin\AppData\Local\Temp\zm3BCC.tmp | — | Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe |
User: admin Company: Zoom Video Communications, Inc. Integrity Level: MEDIUM Description: Zoom Opener Exit code: 0 Version: 5,0,26188,0601 | ||||
2968 | C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe --action=join --runaszvideo=TRUE | C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe | — | Zoom.exe |
User: admin Company: Zoom Video Communications, Inc. Integrity Level: MEDIUM Description: Zoom Meetings Version: 5,2,42619,0804 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2108 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabE80D.tmp | — | |
MD5:— | SHA256:— | |||
2108 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\TarE80E.tmp | — | |
MD5:— | SHA256:— | |||
2108 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TFN6XOL5.txt | — | |
MD5:— | SHA256:— | |||
2108 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\P8UOZUEH.txt | — | |
MD5:— | SHA256:— | |||
2108 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4UOSPMDU.txt | — | |
MD5:— | SHA256:— | |||
2108 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\G5G7B4FS.txt | — | |
MD5:— | SHA256:— | |||
2108 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\8HEWV6YI.txt | — | |
MD5:— | SHA256:— | |||
2240 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2108 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe.1ep0sq9.partial | — | |
MD5:— | SHA256:— | |||
2240 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe.1ep0sq9.partial:Zone.Identifier | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2108 | iexplore.exe | GET | 200 | 23.37.43.27:80 | http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D | NL | der | 1.71 Kb | shared |
2108 | iexplore.exe | GET | 200 | 13.35.253.5:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | US | der | 1.51 Kb | whitelisted |
2108 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 314 b | whitelisted |
2108 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 314 b | whitelisted |
2108 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
2108 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAiD6oCkBJ7Dc0p019Hmj9U%3D | US | der | 471 b | whitelisted |
2108 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D | US | der | 471 b | whitelisted |
2108 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEQCqFSHgSXaTfCgEVqEiXGzF | US | der | 280 b | whitelisted |
2108 | iexplore.exe | GET | 200 | 143.204.208.165:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
2108 | iexplore.exe | GET | 200 | 143.204.208.165:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | US | der | 1.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2108 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
2108 | iexplore.exe | 23.37.43.27:80 | s.symcd.com | Akamai Technologies, Inc. | NL | whitelisted |
2108 | iexplore.exe | 18.205.93.255:443 | zoom.us | — | US | unknown |
2108 | iexplore.exe | 104.18.70.113:443 | static.zdassets.com | Cloudflare Inc | US | shared |
2108 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2108 | iexplore.exe | 143.204.201.95:443 | static.ada.support | — | US | suspicious |
2108 | iexplore.exe | 13.35.253.153:443 | d24cgw3uvb9a9h.cloudfront.net | — | US | unknown |
2240 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2108 | iexplore.exe | 143.204.208.165:80 | o.ss2.us | — | US | malicious |
3016 | Zoom_cm_ds_mNJcN8ZIUZE2slwyr8snYlcg5F4ef8rW+IQ@9-5zzsgcROmQLbnL_k0eebd15c4fc89a4c_.exe | 143.204.208.141:443 | d11yldzmag5yn.cloudfront.net | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
zoom.us |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
static.ada.support |
| whitelisted |
static.zdassets.com |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |
d24cgw3uvb9a9h.cloudfront.net |
| shared |
s.symcd.com |
| shared |
nws.zoom.us |
| whitelisted |
www.bing.com |
| whitelisted |
api.bing.com |
| whitelisted |
Process | Message |
---|---|
Installer.exe | C:\Users\admin\AppData\Roaming\Zoom\zoom_install_src |
Installer.exe | C:\Users\admin\AppData\Roaming\Zoom\zoom_install_src |
Installer.exe | |
Installer.exe | [ProductPathHelper::RecursiveRemoveDirA] Path is: |
Installer.exe | C:\Users\admin\AppData\Roaming\Zoom\uninstall |
Installer.exe | |
Installer.exe | [ProductPathHelper::RecursiveRemoveDirA] Path is: |
Installer.exe | C:\Users\admin\AppData\Roaming\Zoom\bin |
Installer.exe | |
Installer.exe | [CZoomProductPathHelper::RecursiveRemoveDirA] Path is: |