Overview

overview

7

Static

static

1

ZoomSetup.exe

windows7-x64

7

ZoomSetup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ZoomSetup.exe

  • Size

    44.9MB

  • MD5

    fdc3b66311cd19524c14db567bc9b140

  • SHA1

    9299b013e7a72d1638e0381ba1ef1a89f8e1bab9

  • SHA256

    e257cf8c1fc5332bf81f85408123762457a698709f745da15607dc594742019f

  • SHA512

    f866ed7e7a27d9c6da484ec8dff8b0b0545cab261cb86d77186ee1287e367f89517bd2a195905599ab2288b67eb2e6db0ff6a0d6cfe133f1b0a8ad417caf2d52

  • SSDEEP

    786432:BrVP72qAVPQhBbH4vgIud86Ja3eqIus6fcrNddM51SmLYuG3Ova8Vi7:ZLOPQhBb2VuCjuqILdu5RYVMa6i7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ZoomSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\ZoomSetup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\AppData\Local\Temp\is-O69QQ.tmp\ZoomSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-O69QQ.tmp\ZoomSetup.tmp" /SL5="$501D6,46576118,140800,C:\Users\Admin\AppData\Local\Temp\ZoomSetup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-O69QQ.tmp\ZoomSetup.tmp
    Filesize

    1.4MB

    MD5

    c0a9bf6505dde3b00b516443f54742cb

    SHA1

    212110fe7230ac702d56fa38e3b2b907131893b8

    SHA256

    decf9c7aaee458a9671efe6fb1a6defb2f6a121d06112a24a433a412af94af68

    SHA512

    5fbc72c1ebff450ba8f91811628dfd579ab946752cdd8c54eaa968be0ad02d4591b53a22a4a9436ab91dc0d9b0b0d039bf80700be48ea92554a5dfe21b9aa21a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-S6Q8S.tmp\idp.dll
    Filesize

    232KB

    MD5

    55c310c0319260d798757557ab3bf636

    SHA1

    0892eb7ed31d8bb20a56c6835990749011a2d8de

    SHA256

    54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

    SHA512

    e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

    Download Submit

  • memory/1736-0-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1736-2-0x0000000000401000-0x0000000000417000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1736-17-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/3656-7-0x0000000000400000-0x0000000000578000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3656-18-0x0000000000400000-0x0000000000578000-memory.dmp

    Filesize

    1.5MB

    Download