Analysis

  • max time kernel: 140s
  • max time network: 126s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 11/08/2024, 23:43

General

  • Target: Zoom Player Install Center.exe
  • Size: 728KB
  • MD5: e5fc889bd37e96ce13383b33fb3602eb
  • SHA1: f1029f227bef080bff383779411a931326c5b946
  • SHA256: d307e52142ca4927eaed20eec14c6763235a06076ec3ad0c2053193f3e83df60
  • SHA512: e7848ecebc7c9c39deff56f454db64be916af663497fe053ddfb871dd829dd60d299e52cd5a0ab82a317a9e80795f06e16ad0c2faec3ad8ef300c6e78df49bf1
  • SSDEEP: 12288:yrN9GU1vX5muKsTqWmr8/ROa3o8XVhTMRKl19km8tdv+bJ5Hjka+JXHsRD:ybJ1vDKsTqWA8/Fo8DgAJU/GbJ5jy

Score: 3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Zoom Player Install Center.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Zoom Player Install Center.exe"
    PID: 2632
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2632-4-0x0000000000400000-0x00000000004BD000-memory.dmp
    Filesize: 756KB