File name:

tainstaller_OldVersion.exe

Full analysis: https://app.any.run/tasks/2411a916-f0c8-43a4-87b4-91f40ecc4fce
Verdict: Malicious activity
Analysis date: November 29, 2023, 14:26:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

D4D9D7D101032770DA0CA880CF5CDEA9

SHA1:

9D37719B8A298C7B15410141C6661544F299CBBA

SHA256:

0A1A6B8722EFCD0729E599AE76FDD0FF366C5F1CD5F174DA78E5005CB2A39531

SSDEEP:

98304:jp7pbIEb3NRrJeikRFMTFOt8EQ1vKhKmeg9DVIf/kEdAo8PlGUNmS9OnjBn7m:woE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • tainstaller_OldVersion.exe (PID: 2476)

  • SUSPICIOUS

    • Reads the Internet Settings

      • tainstaller_OldVersion.exe (PID: 2476)

    • Reads settings of System Certificates

      • tainstaller_OldVersion.exe (PID: 2476)

  • INFO

    • Checks supported languages

      • tainstaller_OldVersion.exe (PID: 2476)
      • wmpnscfg.exe (PID: 292)

    • Creates files in the program directory

      • tainstaller_OldVersion.exe (PID: 2476)

    • Reads the machine GUID from the registry

      • tainstaller_OldVersion.exe (PID: 2476)
      • wmpnscfg.exe (PID: 292)

    • Reads the computer name

      • wmpnscfg.exe (PID: 292)
      • tainstaller_OldVersion.exe (PID: 2476)

    • Reads Environment values

      • tainstaller_OldVersion.exe (PID: 2476)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 292)

    • Process checks are UAC notifies on

      • tainstaller_OldVersion.exe (PID: 2476)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:11:07 17:53:11+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 3460608
InitializedDataSize: 301056
UninitializedDataSize: -
EntryPoint: 0x34edce
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.1.1849
ProductVersionNumber: 1.0.1.1849
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: 1.0.0.60
CompanyName: -
FileDescription: HP Insights Updater
FileVersion: 1.0.1.1849
InternalName: TAInstaller.exe
LegalCopyright: © Copyright 2023 HP Development Company, L.P.
LegalTrademarks: -
OriginalFileName: TAInstaller.exe
ProductName: HP Insights Updater
ProductVersion: 1.0.1.1849
AssemblyVersion: 1.0.1.1849
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start tainstaller_oldversion.exe wmpnscfg.exe no specs tainstaller_oldversion.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
292"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
2476"C:\Users\admin\AppData\Local\Temp\tainstaller_OldVersion.exe" C:\Users\admin\AppData\Local\Temp\tainstaller_OldVersion.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
HP Insights Updater
Exit code:
9
Version:
1.0.1.1849
Modules
Images
c:\users\admin\appdata\local\temp\tainstaller_oldversion.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2692"C:\Users\admin\AppData\Local\Temp\tainstaller_OldVersion.exe" C:\Users\admin\AppData\Local\Temp\tainstaller_OldVersion.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
HP Insights Updater
Exit code:
3221226540
Version:
1.0.1.1849
Modules
Images
c:\users\admin\appdata\local\temp\tainstaller_oldversion.exe
c:\windows\system32\ntdll.dll
Total events
4 818
Read events
4 802
Write events
13
Delete events
3

Modification events

(PID) Process:(2476) tainstaller_OldVersion.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(292) wmpnscfg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{BFB9ECF3-DD8C-4A4A-AC82-D9D8C15DC179}\{03901C22-34B8-4C6E-A70A-132B904877F6}
Operation:delete keyName:(default)
Value:
(PID) Process:(292) wmpnscfg.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{BFB9ECF3-DD8C-4A4A-AC82-D9D8C15DC179}
Operation:delete keyName:(default)
Value:
(PID) Process:(292) wmpnscfg.exeKey:HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{FBC75D9A-1E08-4859-BB31-5537A41A182F}
Operation:delete keyName:(default)
Value:
(PID) Process:(2476) tainstaller_OldVersion.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance
Operation:writeName:1008
Value:
07B271BDDBB0D601
Executable files
2
Suspicious files
4
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
2476tainstaller_OldVersion.exeC:\Program Files\HP\HP Touchpoint Analytics Client Installer\TAInstaller.exeexecutable
MD5:D4D9D7D101032770DA0CA880CF5CDEA9
SHA256:0A1A6B8722EFCD0729E599AE76FDD0FF366C5F1CD5F174DA78E5005CB2A39531
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\CertConfig\root-pinset.jsonbinary
MD5:F7CF312022605F89BAA1511764D39F40
SHA256:DD4985090196F4AC1A2AA8F79FAD3F4CC42FE5728A5FFA4F780FE04ECC4F5E5F
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\CertConfig\leaf-pinset-header.cachedtext
MD5:B6D00D7083EFBF2E26385FB90652AE74
SHA256:839134D84FA485B42109E7B883D23D442843FE1F978EC92625E9C5ECFDECD2F3
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\CertConfig\taiconfig-header-hash.cachedtext
MD5:17601BA3605C16F59299320610424690
SHA256:17B471F642EBDB65B3C69CB23D4AC4243E38134C7C47BAAD27ADD8AFC6A7AA32
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\log_20231129.txttext
MD5:A456C87CA8A40606D7DDC36561A98565
SHA256:A0C0E0865B11BFDAED9612AEBC0FD7E0CEE1B727299A7BA95552AFEAEC98420C
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\selfupdate.cachetext
MD5:802A111F52EEAF96EC08ED9FFEDBA6CF
SHA256:0C1AC189B5AFA0B0EA8EF46716E328A1A25C2C05B3302680EABCA39300605733
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\Data_Bin\data.bintext
MD5:DD0B7DDFD54C600A32D132AD00FD4FAA
SHA256:2656CD4CB43477409EFD71678DDDEBE40FA81D46C5A38852168C56331D2B9519
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\FusionNullDriver\hpanalyticscomp.infbinary
MD5:1C3D9A1AEC06C15084A991F90ADF8713
SHA256:E4CB3F295D80F42DCD48184D1FED456250F1D503382181E7C53C574517712692
2476tainstaller_OldVersion.exeC:\ProgramData\HP\TAInstaller\TAIExecution.cachetext
MD5:1E4C584660409633915D79FBE9A52934
SHA256:72815CE7040CD1DA9B22DD1CD1215FCA6D095FF09A2853BFD5B33CD60E019B51
2476tainstaller_OldVersion.exeC:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exeexecutable
MD5:D4D9D7D101032770DA0CA880CF5CDEA9
SHA256:0A1A6B8722EFCD0729E599AE76FDD0FF366C5F1CD5F174DA78E5005CB2A39531
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
7
DNS requests
2
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1080
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
2476
tainstaller_OldVersion.exe
65.9.95.68:443
downloads.hpdaas.com
AMAZON-02
US
unknown
2476
tainstaller_OldVersion.exe
65.9.95.12:443
downloads.hpanalytics.net
AMAZON-02
US
unknown

DNS requests

Domain
IP
Reputation
downloads.hpdaas.com
  • 65.9.95.68
  • 65.9.95.58
  • 65.9.95.20
  • 65.9.95.47
shared
downloads.hpanalytics.net
  • 65.9.95.12
  • 65.9.95.7
  • 65.9.95.64
  • 65.9.95.115
unknown

Threats

No threats detected
Process
Message
tainstaller_OldVersion.exe
11/29/2023 2:26:15 PM - Global TAInstaller new mutex created
tainstaller_OldVersion.exe
tainstaller_OldVersion.exe Information: 0 :
tainstaller_OldVersion.exe
11/29/2023 2:26:15 PM - remove schedule task - Remove HP TechPulse Installer
tainstaller_OldVersion.exe
tainstaller_OldVersion.exe Information: 0 :
tainstaller_OldVersion.exe
11/29/2023 2:26:15 PM - MDMKey does not exist at 32-bit location
tainstaller_OldVersion.exe
tainstaller_OldVersion.exe Information: 0 :
tainstaller_OldVersion.exe
tainstaller_OldVersion.exe Information: 0 :
tainstaller_OldVersion.exe
11/29/2023 2:26:15 PM - Init Device Policy Data updater.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
tainstaller_OldVersion.exe