Malware analysis Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe Malicious activity

Add for printing

File name:	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe
Full analysis:	https://app.any.run/tasks/6bc4b4a9-8fab-44de-bf45-efb07a2f6132
Verdict:	Malicious activity
Analysis date:	February 02, 2024, 02:35:55
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	D4A6DB13E0DF8ED0A9507F29B6BA12E9
SHA1:	488293F2FE421878226C3C9BD969B89CC089E0EC
SHA256:	FA90E007BC8534B1F355C464DD379970AB4693858A83C58A1F71B8E6F05AA2BE
SSDEEP:	3072:0GzwOVKlM0BAMQtZ70Ie3lHVKN6UUFWtgxdWtQxz:0IwOKM0BAMeMlr5E6EA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Zoom.exe (PID: 3588)
  - Installer.exe (PID: 3768)
SUSPICIOUS
- Reads the Internet Settings
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 3588)
  - Zoom.exe (PID: 2512)
- Reads settings of System Certificates
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 2512)
  - Zoom.exe (PID: 3588)
  - CptHost.exe (PID: 2120)
- Checks Windows Trust Settings
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 3588)
  - Zoom.exe (PID: 2512)
  - CptHost.exe (PID: 2120)
- Reads security settings of Internet Explorer
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 2512)
  - Zoom.exe (PID: 3588)
  - CptHost.exe (PID: 2120)
- Executable content was dropped or overwritten
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 3588)
- The process creates files with name similar to system file names
  - Installer.exe (PID: 3768)
- Process drops legitimate windows executable
  - Installer.exe (PID: 3768)
- The process drops C-runtime libraries
  - Installer.exe (PID: 3768)
- Starts itself from another location
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
- Application launched itself
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 3588)
- Starts application with an unusual extension
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
INFO
- Checks supported languages
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Installer.exe (PID: 3388)
  - zmD2A6.tmp (PID: 3568)
  - Zoom.exe (PID: 3588)
  - Zoom.exe (PID: 2512)
  - CptHost.exe (PID: 2120)
- Create files in a temporary directory
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Zoom.exe (PID: 3588)
- Reads the computer name
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Installer.exe (PID: 3388)
  - Zoom.exe (PID: 3588)
  - Zoom.exe (PID: 2512)
  - CptHost.exe (PID: 2120)
- Checks proxy server information
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
- Reads the machine GUID from the registry
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 3588)
  - Zoom.exe (PID: 2512)
  - CptHost.exe (PID: 2120)
- Creates files or folders in the user directory
  - Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe (PID: 1392)
  - Installer.exe (PID: 3768)
  - Zoom.exe (PID: 2512)
  - Zoom.exe (PID: 3588)
- Dropped object may contain TOR URL's
  - Installer.exe (PID: 3768)
- Process checks computer location settings
  - Zoom.exe (PID: 3588)
  - Zoom.exe (PID: 2512)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:07:17 07:16:50+02:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.29
CodeSize:	69120
InitializedDataSize:	44032
UninitializedDataSize:	-
EntryPoint:	0x66a0
OSVersion:	5.2
ImageVersion:	-
SubsystemVersion:	5.2
Subsystem:	Windows GUI
FileVersionNumber:	5.15.5.23
ProductVersionNumber:	5.15.5.23
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Windows, Latin1
Comments:	Zoom Opener
CompanyName:	Zoom Video Communications, Inc.
FileDescription:	Zoom Opener
FileVersion:	5,15,5,23
InternalName:	Zoom Opener
LegalCopyright:	© Zoom Video Communications, Inc. All rights reserved.
LegalTrademarks:	Zoom Opener
OriginalFileName:	Zoom Opener
ProductName:	Zoom Opener
ProductVersion:	5,15,5,23

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1392

"C:\Users\admin\AppData\Local\Temp\Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe"

C:\Users\admin\AppData\Local\Temp\Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe

explorer.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Opener

Exit code:

Version:

5,15,5,23

Modules

Images
c:\users\admin\appdata\local\temp\zoom_cm_fr5uvz9vvrzo4_mwbukkoiwcagv6+rf7zxgnfoog+2lhui4hh8@dk6juo1rpzscyo1c_k898eeda23e6bff8c_.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

2120

-event 0000092C -pid 2512 -evtname cpthost.exe2512-41-12A51A00 -exitevent 0000091C -exitevtname cpthost.exe2512_rpcexit-41-12A51A00 -user_path "C:\Users\admin\AppData\Roaming\Zoom"

C:\Users\admin\AppData\Roaming\Zoom\bin\CptHost.exe

Zoom.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Sharing Host

Exit code:

Version:

5,17,7,31859

Modules

Images
c:\users\admin\appdata\roaming\zoom\bin\cpthost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

2512

"C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe" --action=join --runaszvideo=TRUE

C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe

Zoom.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Meetings

Exit code:

Version:

5,17,7,31859

Modules

Images
c:\users\admin\appdata\roaming\zoom\bin\zoom.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\roaming\zoom\bin\cmmlib.dll
c:\users\admin\appdata\roaming\zoom\bin\libcrypto-3-zm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

3388

"C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" /addfwexception --bin_home="C:\Users\admin\AppData\Roaming\Zoom\bin"

C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

Installer.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

HIGH

Description:

Zoom Installer

Exit code:

Version:

5,17,7,31859

Modules

Images
c:\users\admin\appdata\roaming\zoom\zoomdownload\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

3568

"C:\Users\admin\AppData\Local\Temp\zmD2A6.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\admin\AppData\Local\Temp\Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe

C:\Users\admin\AppData\Local\Temp\zmD2A6.tmp

—

Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Opener

Exit code:

Version:

5,15,5,23

Modules

Images
c:\users\admin\appdata\local\temp\zmd2a6.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

3588

"C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=zoom.us&h.path=join&stype=0&zc=0&action=join&confno=9657887816"

C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe

Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Meetings

Exit code:

Version:

5,17,7,31859

Modules

Images
c:\users\admin\appdata\roaming\zoom\bin\zoom.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\users\admin\appdata\roaming\zoom\bin\cmmlib.dll
c:\users\admin\appdata\roaming\zoom\bin\libcrypto-3-zm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

3768

"C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=917812

C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe

User:

admin

Company:

Zoom Video Communications, Inc.

Integrity Level:

MEDIUM

Description:

Zoom Installer

Exit code:

Version:

5,17,7,31859

Modules

Images
c:\users\admin\appdata\roaming\zoom\zoomdownload\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

Add for printing

Total events

42 633

Read events

42 530

Write events

100

Delete events

Modification events


(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(1392) Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:	write	Name:	Blob
Value: 0300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB6200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3

Add for printing

Executable files

212

Suspicious files

245

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi		—
		MD5:—	SHA256:—
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\LQ1990RI.txt		text
		MD5:852DD4F93E57701AC1AC1531A3D57161	SHA256:1B0054BC304F8C5E677902030E962E6D5D7FF077E733672C4F7C6D79DF743B15
3768	Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\zoom_install_src\clap-medium.pcm		binary
		MD5:AA93AB138EC89CF7CFB8B4B0EA8990A6	SHA256:D754FC9D9378772B7A17A53E6598C9CFE4A0F3EC492F0ED30241020562F58509
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:5B16D35C46D28531B081A36FAB9390FD	SHA256:5EBE81B64FBC6D59A45E6851781B6003C96FE62ECB8CDBA6E8122CC79DD66F56
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\DHYU595H.txt		text
		MD5:9699DFE13CB154E7701FDA83275F9FFB	SHA256:7BE7020C1F1CD0F29C3A16E3D3A1CDE28B61FDE2A503DC3445249E13D46C3659
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		der
		MD5:8AD493C2138D6A02A96CCC0D8818E3B8	SHA256:F01936F0066D6606A62E13C4F3C9DEA5BE26DF9ED35B39FFDAD44D4D62D863A5
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04		binary
		MD5:38B7A8640A75654917757AD3DD7CE570	SHA256:818B6BF0997178E6381173B0689F40302BFA312AD42BA6E8525C56F8C931E353
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\Roaming\Zoom\ZoomDownload\Installer.exe		executable
		MD5:D38F47568EE3B8C2CE66E0D8FD5653CB	SHA256:F305E652F9A13297AC3A6D667D836AD424FDF01793D340C34C22833BA5C32C78
3768	Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\zoom_install_src\clap-high.pcm		binary
		MD5:C32F95839557340B4B4197A68847CA1D	SHA256:0A16435CB3F7B8B1787476575AD646361E6FB4C07587DF874940413DE004DD08
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\3XBM33XP.txt		text
		MD5:99B658DC6201705060F5DC079752242A	SHA256:71A1A35F09ACE113FAB90B8D4E935ADE80FA14ACD3DBA12004E8116808833773

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	GET	304	87.248.205.0:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?598436b6df23f990	unknown	—	—	unknown
1080	svchost.exe	GET	304	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3e412f7b4eff0943	unknown	compressed	65.2 Kb	unknown
1080	svchost.exe	GET	200	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c503292d7802e201	unknown	compressed	65.2 Kb	unknown
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D	unknown	binary	471 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	170.114.52.2:443	miro.zoom.us	—	US	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	52.84.151.39:443	cdn.zoom.us	AMAZON-02	US	unknown
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	87.248.205.0:80	ctldl.windowsupdate.com	LLNW	US	unknown
1392	Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
1080	svchost.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted
3588	Zoom.exe	170.114.52.2:443	miro.zoom.us	—	US	unknown
3588	Zoom.exe	52.84.151.39:443	cdn.zoom.us	AMAZON-02	US	unknown

DNS requests

Domain	IP	Reputation
miro.zoom.us	170.114.52.2	unknown
zoom.us	170.114.52.2	whitelisted
cdn.zoom.us	52.84.151.39 52.84.151.62 52.84.151.41 52.84.151.42	whitelisted
ctldl.windowsupdate.com	87.248.205.0 93.184.221.240	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
www3.zoom.us	170.114.52.2	whitelisted
st1.zoom.us	52.84.151.63 52.84.151.38 52.84.151.56 52.84.151.43	whitelisted
zoomfraru253zc.fra.zoom.us	159.124.45.253	unknown
zoomfrarv253zc.fra.zoom.us	159.124.46.253	unknown
zoomamssk213zc.ams.zoom.us	159.124.4.213	unknown

Threats

No threats detected

Add for printing

Process	Message
Installer.exe
Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\zoom_install_src
Installer.exe	[ProductPathHelper::RecursiveRemoveDirA] Path is:
Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\tmp_uninstall
Installer.exe	[ProductPathHelper::RecursiveRemoveDirA] Path is:
Installer.exe
Installer.exe	C:\Users\admin\AppData\Roaming\Zoom\tmp_bin
Installer.exe
Installer.exe	[ProductPathHelper::RecursiveRemoveDirA] Path is:
Installer.exe	real path

General Info

Zoom_cm_fr5uvZ9vvrZo4_mwBuKKOIWCAGV6+RF7ZXgNfOoG+2LHui4Hh8@Dk6JUO1rPZScYO1c_k898eeda23e6bff8c_.exe

D4A6DB13E0DF8ED0A9507F29B6BA12E9

488293F2FE421878226C3C9BD969B89CC089E0EC

FA90E007BC8534B1F355C464DD379970AB4693858A83C58A1F71B8E6F05AA2BE

3072:0GzwOVKlM0BAMQtZ70Ie3lHVKN6UUFWtgxdWtQxz:0IwOKM0BAMeMlr5E6EA

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Reads the Internet Settings

Reads settings of System Certificates

Checks Windows Trust Settings

Reads security settings of Internet Explorer

Executable content was dropped or overwritten

The process creates files with name similar to system file names

Process drops legitimate windows executable

The process drops C-runtime libraries

Starts itself from another location

Application launched itself

Starts application with an unusual extension

INFO

Checks supported languages

Create files in a temporary directory

Reads the computer name

Checks proxy server information

Reads the machine GUID from the registry

Creates files or folders in the user directory

Dropped object may contain TOR URL's

Process checks computer location settings

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings