URL: https://www.projex.zip/cdn/ProjectXPlayerLauncher.exe

Full analysis: https://app.any.run/tasks/31c57b6d-78d6-4ab9-a208-a8c007c73d41
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates a device in order to deliver further malicious payloads. After infecting a victim's computer it typically profiles the system and then installs additional threats such as trojans or stealers. Criminals usually distribute loaders through phishing emails and links, relying on social engineering to trick users into downloading and running the executable. Loaders employ evasion and persistence techniques to avoid detection.

Analysis date: May 17, 2024, 16:51:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MD5: 6EBF7D94D5127372F82131C826069730
SHA1: D9182A4BA25389999FC419496B351ED159F9DD3B
SHA256: 106F00D05E4BAE0568AC69A6D7037915A769C982DDCD87C8C330B944AEBA80F4
SSDEEP: 3:N8DSLoPGcKM4Gy55LGDdA:2OLROA5cdA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Actions looks like stealing of personal data

      • RBX-F7B024FD.tmp (PID: 1652)
  • SUSPICIOUS

    • Process requests binary or script from the Internet

      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Starts application with an unusual extension

      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Reads the Internet Settings

      • RBX-F7B024FD.tmp (PID: 1652)
      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Reads security settings of Internet Explorer

      • RBX-F7B024FD.tmp (PID: 1652)
      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Executable content was dropped or overwritten

      • RBX-F7B024FD.tmp (PID: 1652)
      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Potential Corporate Privacy Violation

      • RBX-F7B024FD.tmp (PID: 1652)
      • ProjectXPlayerLauncher.exe (PID: 1112)
  • INFO

    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 4024)
      • iexplore.exe (PID: 3964)
    • Application launched itself

      • iexplore.exe (PID: 3964)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3964)
    • Reads the machine GUID from the registry

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Checks supported languages

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
      • wmpnscfg.exe (PID: 2276)
    • Reads the computer name

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
      • wmpnscfg.exe (PID: 2276)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 4024)
      • iexplore.exe (PID: 3964)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3964)
    • Create files in a temporary directory

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Checks proxy server information

      • RBX-F7B024FD.tmp (PID: 1652)
      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2276)
    • Process checks computer location settings

      • RBX-F7B024FD.tmp (PID: 1652)
      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Creates files or folders in the user directory

      • RBX-F7B024FD.tmp (PID: 1652)
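The MALICIOUS and SUSPICIOUS signatures above ("Drops the executable file immediately after the start", "Starts application with an unusual extension", "Executable content was dropped or overwritten") all describe one process chain: the browser writes ProjectXPlayerLauncher.exe into its cache, that executable runs, and it in turn writes RBX-F7B024FD.tmp to %TEMP% and executes it. The Python below is an added example, not ANY.RUN's signature code, that reconstructs such chains from process-creation events and flags both stages. The event lines are constructed from the process table in this report; the pid|ppid|image|cmdline layout is a hypothetical log format, explorer.exe's PID 1000 is invented, and ProjectXPlayerLauncher.exe's parent PID is assumed to be 3964 because the report names only "iexplore.exe" as its parent.

```python
"""Process-chain check for the launch pattern in this report.

Added example, not ANY.RUN code. SAMPLE_EVENTS is constructed from the
report's process table; the "pid|ppid|image|cmdline" layout is a
hypothetical log format, explorer.exe's PID 1000 is invented, and
ProjectXPlayerLauncher.exe's parent PID is assumed to be 3964 because the
report names only "iexplore.exe" as its parent.
"""
import ntpath
from dataclasses import dataclass

BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
NORMAL_IMAGE_EXTS = {".exe"}          # anything else running as a process image is unusual
USER_WRITABLE_MARKERS = (             # paths a browser or a dropper writes without elevation
    "\\appdata\\local\\temp\\",
    "\\temporary internet files\\",
    "\\inetcache\\",
)

SAMPLE_EVENTS = """\
1000|0|C:\\Windows\\explorer.exe|C:\\Windows\\explorer.exe
3964|1000|C:\\Program Files\\Internet Explorer\\iexplore.exe|"C:\\Program Files\\Internet Explorer\\iexplore.exe" "https://www.projex.zip/cdn/ProjectXPlayerLauncher.exe"
4024|3964|C:\\Program Files\\Internet Explorer\\iexplore.exe|"C:\\Program Files\\Internet Explorer\\iexplore.exe" SCODEF:3964 CREDAT:267521 /prefetch:2
1112|3964|C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\B6QGX7LP\\ProjectXPlayerLauncher.exe|"C:\\Users\\admin\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\B6QGX7LP\\ProjectXPlayerLauncher.exe"
1652|1112|C:\\Users\\admin\\AppData\\Local\\Temp\\RBX-F7B024FD.tmp|"C:\\Users\\admin\\AppData\\Local\\Temp\\RBX-F7B024FD.tmp"
2276|1000|C:\\Program Files\\Windows Media Player\\wmpnscfg.exe|"C:\\Program Files\\Windows Media Player\\wmpnscfg.exe"
"""


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def parse_events(text):
    """Parse pid|ppid|image|cmdline lines (hypothetical format) into ProcEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, image, cmdline = line.split("|", 3)
        events.append(ProcEvent(int(pid), int(ppid), image, cmdline))
    return events


def ancestry(event, by_pid):
    """Return [event, parent, grandparent, ...], stopping at an unknown PID or a cycle."""
    chain, seen, cur = [event], {event.pid}, event
    while cur.ppid in by_pid and cur.ppid not in seen:
        cur = by_pid[cur.ppid]
        seen.add(cur.pid)
        chain.append(cur)
    return chain


def flag_events(events):
    """Flag processes whose image lives in a user-writable temp/cache path or has a
    non-.exe extension, and note when a browser sits in their ancestry."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        name = ntpath.basename(ev.image)
        ext = ntpath.splitext(name)[1].lower()
        reasons = []
        if ext not in NORMAL_IMAGE_EXTS:
            reasons.append("unusual image extension " + ext)
        if any(m in ev.image.lower() for m in USER_WRITABLE_MARKERS):
            reasons.append("image in user-writable temp/cache path")
        if not reasons:
            continue                      # normal image in a normal place
        chain = ancestry(ev, by_pid)
        parents = [ntpath.basename(p.image).lower() for p in chain[1:]]
        browser = next((p for p in parents if p in BROWSERS), None)
        if browser:
            reasons.append("descends from browser " + browser)
        findings.append({
            "pid": ev.pid,
            "image": name,
            "reasons": reasons,
            "chain": " -> ".join(ntpath.basename(p.image) for p in reversed(chain)),
        })
    return findings


if __name__ == "__main__":
    for f in flag_events(parse_events(SAMPLE_EVENTS)):
        print(f["pid"], f["chain"], "|", "; ".join(f["reasons"]))
```

Run stand-alone it reports PIDs 1112 and 1652 only; wmpnscfg.exe and both iexplore.exe instances are left alone because they run from Program Files with a normal extension. The browser-ancestry check is deliberately recorded as context rather than as a reason on its own, since a browser launching a downloaded .exe is also what a legitimate installer looks like.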
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 0

Behavior graph (process tree, reconstructed from the Parent process fields in the process information below)

explorer.exe -> iexplore.exe (PID 3964) -> iexplore.exe (PID 4024)
iexplore.exe -> ProjectXPlayerLauncher.exe (PID 1112) -> RBX-F7B024FD.tmp (PID 1652)
explorer.exe -> wmpnscfg.exe (PID 2276, no specs)

Process information

PID: 1112
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe
Parent process: iexplore.exe
User:
admin
Company:
Project X Corporation
Integrity Level:
MEDIUM
Description:
Project X
Exit code:
0
Version:
1, 6, 0, 3
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\b6qgx7lp\projectxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1652
CMD: "C:\Users\admin\AppData\Local\Temp\RBX-F7B024FD.tmp"
Path: C:\Users\admin\AppData\Local\Temp\RBX-F7B024FD.tmp
Parent process: ProjectXPlayerLauncher.exe
User:
admin
Company:
Project X Corporation
Integrity Level:
MEDIUM
Description:
Project X
Version:
1, 6, 0, 4
Modules
Images
c:\users\admin\appdata\local\temp\rbx-f7b024fd.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 2276
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3964
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.projex.zip/cdn/ProjectXPlayerLauncher.exe"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 4024
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3964 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events: 21 598
Read events: 21 407
Write events: 145
Delete events: 46

Modification events

PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Operation: write  Name: NTPDaysSinceLastAutoMigration  Value: 1
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Operation: write  Name: NTPLastLaunchLowDateTime  Value:
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Operation: write  Name: NTPLastLaunchHighDateTime  Value: 31107194
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  Operation: write  Name: NextCheckForUpdateLowDateTime  Value:
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  Operation: write  Name: NextCheckForUpdateHighDateTime  Value: 31107194
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  Operation: write  Name: CachePrefix  Value:
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  Operation: write  Name: CachePrefix  Value: Cookie:
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  Operation: write  Name: CachePrefix  Value: Visited:
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  Operation: write  Name: CompatibilityFlags  Value: 0
PID 3964 (iexplore.exe)  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write  Name: ProxyBypass  Value: 1
Executable files: 4
Suspicious files: 23
Text files: 16
Unknown types: 2

Dropped files

PID   Process       Filename  [Type]  ("-" marks a field the report does not show)
4024  iexplore.exe  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe.mkxrjhq.partial  [-]
      MD5: -
      SHA256: -
4024  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506  [compressed]
      MD5: 29F65BA8E88C063813CC50A4EA544E93
      SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
4024  iexplore.exe  C:\Users\admin\AppData\Local\Temp\Low\Cab34AE.tmp  [compressed]
      MD5: 29F65BA8E88C063813CC50A4EA544E93
      SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
4024  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751  [binary]
      MD5: 6ACFDAF2B8ADBEB05EE122894F841944
      SHA256: 69C59FA80625BC4C0D6A0498252EA7C69F29543A6ED8CB56F4BC799CD3FAE507
4024  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61  [binary]
      MD5: 5AE8478AF8DD6EEC7AD4EDF162DD3DF1
      SHA256: FE42AC92EAE3B2850370B73C3691CCF394C23AB6133DE39F1697A6EBAC4BEDCA
4024  iexplore.exe  C:\Users\admin\AppData\Local\Temp\Low\Cab34B0.tmp  [compressed]
      MD5: 29F65BA8E88C063813CC50A4EA544E93
      SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
4024  iexplore.exe  C:\Users\admin\AppData\Local\Temp\Low\Tar34C1.tmp  [binary]
      MD5: 435A9AC180383F9FA094131B173A2F7B
      SHA256: 67DC37ED50B8E63272B49A254A6039EE225974F1D767BB83EB1FD80E759A7C34
4024  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61  [binary]
      MD5: 4B9E2C53CDA0A0EF6456EDEB352EC761
      SHA256: 3AB7EE96DED171517CA711B7B354C809B48EB86EFC573C560DD83E0C5E7A7F50
4024  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157  [binary]
      MD5: 25D2058F9BC62FB43175EAD8CB3E6921
      SHA256: F931A4744497D1C456245FC823A8E08BB550E3C8805276D254977596404AAFE4
4024  iexplore.exe  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506  [binary]
      MD5: A02C73BFE5083B7FF46E52A9D6200721
      SHA256: 69A10FBE3761DE48802EBD2610387A6182416389752B0DEDC11052B4836A517A

Note: every hashed entry above is a CryptoAPI/Internet Explorer certificate-cache or CAB artifact written by the browser content process (PID 4024) while it fetched the download; the .partial entry is the in-progress download of ProjectXPlayerLauncher.exe itself. The hash of the second-stage RBX-F7B024FD.tmp written by PID 1112 is not in this excerpt and has to be taken from the full report.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 34
TCP/UDP connections: 44
DNS requests: 17
Threats: 26

HTTP requests

PID   Process                     Method  Code  IP               URL
4024  iexplore.exe                GET     304   217.20.57.24:80  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?30bfcba95dc85498
4024  iexplore.exe                GET     304   217.20.57.24:80  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fdb53f965dd08005
4024  iexplore.exe                GET     200   217.20.57.24:80  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a579c701ab7af5ef
4024  iexplore.exe                GET     200   217.20.57.24:80  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a921a978dd985ae4
4024  iexplore.exe                GET     200   217.20.57.24:80  http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?aa27c982be707355
4024  iexplore.exe                GET     200   2.19.217.103:80  http://x1.c.lencr.org/
4024  iexplore.exe                GET     200   2.19.217.103:80  http://x2.c.lencr.org/
1112  ProjectXPlayerLauncher.exe  GET     -     188.114.97.3:80  http://setup.projex.zip/cdn/version?guid17534
-     -                           GET     404   188.114.97.3:80  http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
1112  ProjectXPlayerLauncher.exe  GET     404   188.114.97.3:80  http://setup.projex.zip/cdn.txt

The CN, Type, Size and Reputation columns are either "unknown" or empty for every request above; "-" marks a field the report does not show.

Connections

PID   Process                     IP:port               Domain                    ASN                        CN   Reputation
-     -                           224.0.0.252:5355      -                         -                          -    unknown
4     System                      192.168.100.255:137   -                         -                          -    whitelisted
4     System                      192.168.100.255:138   -                         -                          -    whitelisted
1088  svchost.exe                 224.0.0.252:5355      -                         -                          -    unknown
4024  iexplore.exe                188.114.96.3:443      www.projex.zip            CLOUDFLARENET              NL   unknown
4024  iexplore.exe                217.20.57.24:80       ctldl.windowsupdate.com   -                          US   unknown
4024  iexplore.exe                2.19.217.103:80       x1.c.lencr.org            Akamai International B.V.  NL   unknown
1112  ProjectXPlayerLauncher.exe  188.114.97.3:80       www.projex.zip            CLOUDFLARENET              NL   unknown
1652  RBX-F7B024FD.tmp            188.114.97.3:80       www.projex.zip            CLOUDFLARENET              NL   unknown
3964  iexplore.exe                152.199.19.161:443    r20swj13mr.microsoft.com  EDGECAST                   US   whitelisted

("-" marks a field the report does not show.)

DNS requests

Domain
IP
Reputation
www.projex.zip
  • 188.114.96.3
  • 188.114.97.3
unknown
ctldl.windowsupdate.com
  • 217.20.57.24
  • 217.20.57.26
  • 217.20.57.36
  • 217.20.57.41
  • 217.20.57.19
  • 217.20.57.23
  • 217.20.57.35
  • 217.20.57.43
  • 217.20.57.37
  • 217.20.57.38
  • 217.20.57.21
whitelisted
x1.c.lencr.org
  • 2.19.217.103
whitelisted
x2.c.lencr.org
  • 2.19.217.103
whitelisted
api.projex.zip
  • 188.114.97.3
  • 188.114.96.3
unknown
setup.projex.zip
  • 188.114.97.3
  • 188.114.96.3
unknown
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ieonline.microsoft.com
  • 204.79.197.200
whitelisted

Threats

PID   Process                     Class          Message
1088  svchost.exe                 Misc activity  ET INFO Observed DNS Query to .zip TLD
1088  svchost.exe                 Misc activity  ET INFO Observed DNS Query to .zip TLD
1112  ProjectXPlayerLauncher.exe  Misc activity  ET INFO HTTP Request to a *.zip Domain
1088  svchost.exe                 Misc activity  ET INFO Observed DNS Query to .zip TLD
1112  ProjectXPlayerLauncher.exe  Misc activity  ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  Misc activity  ET INFO HTTP Request to a *.zip Domain
-     -                           Misc activity  ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  Misc activity  ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  Misc activity  ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  Misc activity  ET INFO HTTP Request to a *.zip Domain

All of the hits shown are informational Emerging Threats rules ("Misc activity") that fire on any DNS query or HTTP request involving the .zip TLD; they flag the infrastructure, not a malware family, so the Malicious verdict rests on the behavioral signatures listed earlier. "-" marks a field the report does not show.
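Because every row in the Threats table is an informational rule on the .zip TLD, the network evidence that actually ties an event to this sample is the indicator set earlier on the page: the projex.zip hosts contacted by PIDs 1112 and 1652, the Cloudflare addresses they resolved to, and the sample hashes. The Python below is an added example, not ANY.RUN or Emerging Threats code, that applies those indicators and the two rule ideas to log lines. The log is constructed and its "dns", "http", "conn" and "file" line format is hypothetical. It also carries the two caveats a hunter needs: a URL whose path ends in .zip is not a .zip host, and a Cloudflare edge address on its own is a weak indicator because it is shared with unrelated sites.

```python
"""Network and file indicator sweep using the domains, IPs and hashes in this
report plus the two Emerging Threats ideas from the Threats table (DNS query
to the .zip TLD, HTTP request to a *.zip host).

Added example, not ANY.RUN or Emerging Threats code. SAMPLE_LOG is
constructed; its "dns <host>" / "http <method> <url>" / "conn <ip>:<port>" /
"file <sha256> <path>" line format is hypothetical.
"""
from urllib.parse import urlsplit

# Indicators taken from this report
REPORT_DOMAINS = {"www.projex.zip", "setup.projex.zip", "api.projex.zip"}
REPORT_IPS = {"188.114.96.3", "188.114.97.3"}   # CLOUDFLARENET edge: shared, weak on its own
REPORT_SHA256 = {"106f00d05e4bae0568ac69a6d7037915a769c982ddcd87c8c330b944aeba80f4"}

# Constructed log lines (hypothetical format); the last http line and the
# notepad.exe line are benign controls.
SAMPLE_LOG = """\
dns www.projex.zip
dns ctldl.windowsupdate.com
http GET http://setup.projex.zip/cdn/version?guid17534
http GET http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
http GET https://example.com/downloads/archive.zip
dns example.zip
conn 188.114.97.3:80
file 106F00D05E4BAE0568AC69A6D7037915A769C982DDCD87C8C330B944AEBA80F4 C:\\Users\\admin\\Downloads\\ProjectXPlayerLauncher.exe
file 0000000000000000000000000000000000000000000000000000000000000000 C:\\Windows\\notepad.exe
"""


def is_zip_tld(host):
    """True when the host's last label is the .zip TLD. A URL path that ends in
    .zip does not count; the rule names in the Threats table refer to the
    domain, not to the path."""
    host = host.lower().rstrip(".")
    return "." in host and host.rsplit(".", 1)[1] == "zip"


def scan(text):
    """Return (severity, reason, evidence) tuples for every indicator hit in the log."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, rest = line.split(" ", 1)
        if kind == "dns":
            host = rest.strip()
            if is_zip_tld(host):
                alerts.append(("INFO", "DNS query to .zip TLD", host))
            if host.lower() in REPORT_DOMAINS:
                alerts.append(("HIGH", "report delivery/C2 domain", host))
        elif kind == "http":
            _method, url = rest.split(" ", 1)
            host = urlsplit(url).hostname or ""      # already lower-cased by urlsplit
            if is_zip_tld(host):
                alerts.append(("INFO", "HTTP request to a *.zip host", url))
            if host in REPORT_DOMAINS:
                alerts.append(("HIGH", "report delivery/C2 domain", url))
        elif kind == "conn":
            ip = rest.strip().rsplit(":", 1)[0]
            if ip in REPORT_IPS:
                alerts.append(("LOW", "report IP (Cloudflare edge, shared with other sites)", rest.strip()))
        elif kind == "file":
            sha256, path = rest.split(" ", 1)
            if sha256.lower() in REPORT_SHA256:
                alerts.append(("HIGH", "SHA256 matches the analysed sample", path))
    return alerts


def summarize(alerts):
    """Count alerts per severity, e.g. {"HIGH": 4, "INFO": 4, "LOW": 1}."""
    counts = {}
    for severity, _reason, _evidence in alerts:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for sev, reason, evidence in hits:
        print(f"{sev:5} {reason}: {evidence}")
    print(summarize(hits))
```

On the constructed log the sweep yields four HIGH hits (three projex.zip contacts and the hash match), four INFO hits from the .zip TLD rule, and one LOW hit for the shared Cloudflare address; the example.com download of archive.zip is correctly ignored, which is the false positive a path-based .zip match would have produced.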
2 ETPRO signatures available at the full report
No debug info