c270ac7d...ecd8 | Grouped Behavior
Try VMRay Analyzer
VTI SCORE: 56/100
Dynamic Analysis Report
Classification:
Dropper
Threat Names: -

Monitored Processes

Process Graph
Process Graph Legend
Process Overview

Behavior Information - Grouped by Category

»
Process #1: installer
0
0
»
Process #2: sh
2282
0
»
Process #3: sh
1
0
»
Process #4: rm
1
0
»
Process #5: sh
1
0
»
Process #6: printenv
1
0
»
Process #7: sh
6
0
»
Process #8: date
2
0
»
Process #9: sh
1
0
»
Process #10: printenv
1
0
»
Process #11: sh
5
0
»
Process #12: whereis
5
0
»
Process #13: sh
5
0
»
Process #14: whereis
5
0
»
Process #15: sh
5
0
»
Process #16: sw_vers
0
0
»
Process #17: sh
5
0
»
Process #18: sh
1
0
»
Process #19: whoami
2
0
»
Process #20: sh
5
0
»
Process #21: dsmemberutil
1
0
»
Process #22: sh
2
0
»
Process #23: sh
34
0
»
Process #24: sh
5
0
»
Process #25: grep
2
0
»
Process #26: sh
6
0
»
Process #27: expr
0
0
»
Process #28: sh
1
0
»
Process #29: PlistBuddy
1
0
»
Process #30: sh
1
0
»
Process #31: mkdir
1
0
»
Process #32: sh
6
0
»
Process #33: ls
29
0
»
Process #34: sh
6
0
»
Process #35: date
2
0
»
Process #36: sh
6
0
»
Process #37: date
2
0
»
Process #38: sh
6
0
»
Process #39: date
2
0
»
Process #40: sh
1
0
»
Process #41: killall
3
0
»
Process #42: sh
5
0
»
Process #43: sh
6
0
»
Process #44: ps
0
0
»
Process #45: sh
5
0
»
Process #46: sh
1
0
»
Process #47: sh
5
0
»
Process #48: grep
2
0
»
Process #49: sh
5
0
»
Process #50: grep
2
0
»
Process #51: cut
0
0
»
Process #52: sh
5
0
»
Process #53: sh
6
0
»
Process #54: ps
0
0
»
Process #55: sh
5
0
»
Process #56: sh
39
0
»
Process #57: grep
3
0
»
Process #58: sh
5
0
»
Process #59: sh
5
0
»
Process #60: grep
2
0
»
Process #61: cut
0
0
»
Process #62: sh
6
0
»
Process #63: date
2
0
»
Process #64: sh
1
0
»
Process #65: mkdir
1
0
»
Process #66: sh
1
0
»
Process #67: mkdir
1
0
»
Process #68: sh
1
0
»
Process #69: rm
4
0
»
Process #70: sh
2
0
»
Process #71: mdfind
0
0
»
Process #72: sh
6
0
»
Process #73: date
2
0
»
Process #74: sh
1
0
»
Process #75: sh
1
0
»
Process #76: sh
2
0
»
Process #77: 7zr
4361
0
»
Process #78: 7zr
5210
0
»
Process #79: sh
6
0
»
Process #80: date
2
0
»
Process #81: sh
6
0
»
Process #82: date
2
0
»
Process #83: sh
2
0
»
Process #84: mv
7
0
»
Process #85: sh
2
0
»
Process #86: mv
7
0
»
Process #87: sh
6
0
»
Process #88: date
2
0
»
Process #89: sh
1
0
»
Process #90: sh
3
0
»
Process #91: rm
6
0
»
Process #92: sh
6
0
»
Process #93: sh
1
0
»
Process #94: cat
3
0
»
Process #95: sh
1
0
»
Process #96: rm
3
0
»
Process #97: sh
1
0
»
Process #98: zoomAutenticationTool
0
0
»
Process #99: zoomAutenticationTool
0
0
»
Process #100: security_authtrampoline
1
0
»
Process #101: sh
28
0
»
Process #102: sh
6
0
»
Process #103: date
2
0
»
Process #104: sh
1
0
»
Process #105: mkdir
1
0
»
Process #106: sh
1
0
»
Process #107: mv
7
0
»
Process #108: sh
1
0
»
Process #109: killall
3
0
»
Process #110: sh
1
0
»
Process #111: rm
3
0
»
Process #112: sh
1
0
»
Process #113: rm
499
0
»
Process #114: sh
1
0
»
Process #115: mv
3
0
»
Process #116: sh
1
0
»
Process #117: chmod
499
0
»
Process #118: sh
1
0
»
Process #119: chown
250
0
»
Process #120: sh
1
0
»
Process #121: rm
4
0
»
Process #122: sh
6
0
»
Process #123: date
2
0
»
Process #124: sh
1
0
»
Process #125: rm
4
0
»
Process #126: sh
6
0
»
Process #127: date
2
0
»
Process #128: sh
1
0
»
Process #129: mv
6
0
»
Process #130: sh
6
0
»
Process #131: date
2
0
»
Process #132: sh
1
0
»
Process #133: touch
2
0
»
Process #134: sh
1
0
»
Process #135: chmod
4
0
»
Process #136: sh
1
0
»
Process #137: defaults
0
0
»
Process #138: sh
6
0
»
Process #139: date
2
0
»
Process #140: sh
1
0
»
Process #141: python
7
0
»
Process #142: Python
1082
0
»
Process #143: Python
2
0
»
Process #144: defaults
2
0
»
Process #145: Python
2
0
»
Process #146: plutil
1
0
»
Process #147: Python
2
0
»
Process #148: defaults
2
0
»
Process #149: Python
2
0
»
Process #150: plutil
1
0
»
Process #151: sh
6
0
»
Process #152: date
2
0
»
Process #153: sh
1
0
»
Process #154: rm
4
0
»
Process #155: sh
1
0
»
Process #156: mkdir
1
0
»
Process #157: sh
5
0
»
Process #158: whoami
2
0
»
Process #159: sh
5
0
»
Process #160: sw_vers
1
0
»
Process #161: sh
2
0
»
Process #162: sh
5
0
»
Process #163: sh
5
0
»
Process #164: sw_vers
1
0
»
Process #165: cut
3
0
»
Process #166: sh
2
0
»
Process #167: sh
5
0
»
Process #168: sh
5
0
»
Process #169: sw_vers
1
0
»
Process #170: cut
3
0
»
Process #171: sh
1
0
»
Process #172: rm
4
0
»
Process #173: sh
6
0
»
Process #174: date
2
0
»
Process #175: sh
2
0
»
Process #176: codesign
0
0
»
Process #177: sh
1
0
»
Process #178: codesign
0
0
»
Process #179: sh
6
0
»
Process #180: date
2
0
»
Process #181: sh
5
0
»
Process #182: sh
6
0
»
Process #183: open
1
0
»
Process #184: date
2
0
»
Process #185: sh
5
0
»
Process #186: sh
6
0
»
Process #187: sh
5
0
»
Process #188: sh
107
0
»
Process #189: sh
5
0
»
Process #190: sh
5
0
»
Process #191: ps
0
0
»
Process #192: grep
3
0
»
Process #193: grep
2
0
»
Process #194: zoom.us
0
0
»
Process #195: cut
0
0
»
Process #196: sh
6
0
»
Process #197: date
2
0
»
Process #198: sh
5
0
»
Process #199: sh
6
0
»
Process #200: sh
5
0
»
Process #201: ps
0
0
»
Process #202: sh
192
0
»
Process #203: sh
5
0
»
Process #204: sh
5
0
»
Process #205: grep
4
0
»
Process #206: grep
2
0
»
Process #207: cut
0
0
»
Process #208: sh
12
0
»
Process #209: defaults
0
0
»
Process #210: sh
0
0
»
Process #211: sh
6
0
»
Process #212: sh
1
0
»
Process #213: sh
192
0
»
Process #214: ps
0
0
»
Process #215: sh
5
0
»
Process #216: sh
5
0
»
Process #217: grep
4
0
»
Process #218: grep
2
0
»
Process #219: cut
0
0
»
Process #220: unzip
8852
0
»
Process #221: chmod
250
0
»
Process #222: chown
250
0
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Before

After

Screenshot