URL: https://www.projex.zip/cdn/ProjectXPlayerLauncher.exe

Full analysis: https://app.any.run/tasks/31c57b6d-78d6-4ab9-a208-a8c007c73d41
Verdict: Malicious activity
Threats:

A loader is malware whose job is to get onto a machine and deliver further payloads. Once running it profiles the system and then fetches and installs other threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to get the user to download and run the executable, and loaders use evasion and persistence techniques to avoid detection.

Analysis date: May 17, 2024, 16:51:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:

MD5: 6EBF7D94D5127372F82131C826069730
SHA1: D9182A4BA25389999FC419496B351ED159F9DD3B
SHA256: 106F00D05E4BAE0568AC69A6D7037915A769C982DDCD87C8C330B944AEBA80F4
SSDEEP: 3:N8DSLoPGcKM4Gy55LGDdA:2OLROA5cdA

Note: these hashes do not match the ProjectXPlayerLauncher.exe that Internet Explorer downloaded during the run (MD5 59728BDC1C21BEFE5F75978199714D39, SHA256 6FD40D0C186858B2C58DCA73D2E78D5114D7E37C100B5C4ABB4B5496F26FC063, listed under Dropped files). When hunting for the binary itself, use the dropped-file hashes.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Actions look like stealing of personal data

      • RBX-F7B024FD.tmp (PID: 1652)
  • SUSPICIOUS

    • Reads the Internet Settings

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Reads security settings of Internet Explorer

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Potential Corporate Privacy Violation

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Process requests binary or script from the Internet

      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Starts application with an unusual extension

      • ProjectXPlayerLauncher.exe (PID: 1112)
    • Executable content was dropped or overwritten

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
  • INFO

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 4024)
      • iexplore.exe (PID: 3964)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 4024)
      • iexplore.exe (PID: 3964)
    • Application launched itself

      • iexplore.exe (PID: 3964)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3964)
    • Checks supported languages

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
      • wmpnscfg.exe (PID: 2276)
    • Creates files in a temporary directory

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Reads the computer name

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • wmpnscfg.exe (PID: 2276)
      • RBX-F7B024FD.tmp (PID: 1652)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3964)
    • Checks proxy server information

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Reads the machine GUID from the registry

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Process checks computer location settings

      • ProjectXPlayerLauncher.exe (PID: 1112)
      • RBX-F7B024FD.tmp (PID: 1652)
    • Creates files or folders in the user directory

      • RBX-F7B024FD.tmp (PID: 1652)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2276)
Signature artifacts and the mapping to the MITRE ATT&CK matrix are in the full report.
Malware configuration: none extracted (no data).
All screenshots are available in the full report.
Process counts: total 38, monitored 5, malicious 3, suspicious 0

Behavior graph (reconstructed from the process table below):

explorer.exe
  iexplore.exe (PID 3964) "https://www.projex.zip/cdn/ProjectXPlayerLauncher.exe"
    iexplore.exe (PID 4024, LOW integrity, SCODEF:3964)
    ProjectXPlayerLauncher.exe (PID 1112; the table names the parent only as iexplore.exe)
      RBX-F7B024FD.tmp (PID 1652)
  wmpnscfg.exe (PID 2276; marked "no specs" in the graph)

Process information

PID 1112  ProjectXPlayerLauncher.exe
  Command line: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe"
  Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe
  Parent process: iexplore.exe
  User: admin
  Integrity level: MEDIUM
  Company: Project X Corporation
  Description: Project X
  Version: 1, 6, 0, 3
  Exit code: 0
  Loaded modules (all from c:\windows\system32\ except the main image): projectxplayerlauncher.exe, ntdll.dll, kernel32.dll, kernelbase.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, msvcrt.dll, advapi32.dll

PID 1652  RBX-F7B024FD.tmp
  Command line: "C:\Users\admin\AppData\Local\Temp\RBX-F7B024FD.tmp"
  Path: C:\Users\admin\AppData\Local\Temp\RBX-F7B024FD.tmp
  Parent process: ProjectXPlayerLauncher.exe
  User: admin
  Integrity level: MEDIUM
  Company: Project X Corporation
  Description: Project X
  Version: 1, 6, 0, 4
  Exit code: (none listed)
  Loaded modules (all from c:\windows\system32\ except the main image): rbx-f7b024fd.tmp, ntdll.dll, kernel32.dll, kernelbase.dll, user32.dll, gdi32.dll, lpk.dll, usp10.dll, msvcrt.dll, advapi32.dll

PID 2276  wmpnscfg.exe
  Command line: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
  Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: MEDIUM
  Company: Microsoft Corporation
  Description: Windows Media Player Network Sharing Service Configuration Application
  Version: 12.0.7600.16385 (win7_rtm.090713-1255)
  Exit code: 0
  Loaded modules (all from c:\windows\system32\ except the main image): wmpnscfg.exe, ntdll.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, advapi32.dll, sechost.dll, rpcrt4.dll

PID 3964  iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.projex.zip/cdn/ProjectXPlayerLauncher.exe"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Integrity level: MEDIUM
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Exit code: (none listed)
  Loaded modules (all from c:\windows\system32\ except the main image): iexplore.exe, ntdll.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, api-ms-win-downlevel-advapi32-l1-1-0.dll, advapi32.dll, sechost.dll, rpcrt4.dll, iertutil.dll

PID 4024  iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3964 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Integrity level: LOW
  Company: Microsoft Corporation
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Exit code: 0
  Loaded modules (all from c:\windows\system32\ except the main image): iexplore.exe, ntdll.dll, kernel32.dll, kernelbase.dll, msvcrt.dll, api-ms-win-downlevel-advapi32-l1-1-0.dll, advapi32.dll, sechost.dll, rpcrt4.dll, iertutil.dll

Note: RBX-F7B024FD.tmp carries the same company and description strings as the launcher but a newer file version (1, 6, 0, 4 against 1, 6, 0, 3), which is consistent with the launcher's version requests to setup.projex.zip listed under HTTP requests.
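The chain above (explorer.exe > iexplore.exe > a launcher run straight out of the IE cache > a .tmp executed from %TEMP%) is the kind of thing an endpoint rule should catch without any hash. The following is an added example, not ANY.RUN's code and not part of this report: it rebuilds a process tree from process-creation records modelled on the table above and applies two of the report's signatures, "Starts application with an unusual extension" and a browser launching its own download. The report does not give parent PIDs, so the ppid values in the sample (and the explorer.exe PID) are assumed.

```python
"""Process-tree detection over sandbox-style process-creation records.

Added example, not ANY.RUN's code. The records in SAMPLE are constructed from
the process table in this report; the ppid values and the explorer.exe PID are
assumptions, because the report lists only the parent's image name.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass, field

EXECUTABLE_EXTS = {".exe", ".com", ".scr"}  # extensions a launcher is expected to run
BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
BROWSER_CACHE_MARKERS = ("\\temporary internet files\\", "\\inetcache\\", "\\downloads\\")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str            # full image path as logged
    integrity: str
    children: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return ntpath.basename(self.image).lower()


def build_tree(records: list[dict]) -> dict[int, Proc]:
    """Index records by PID and link each process to its parent, if the parent was logged."""
    procs = {r["pid"]: Proc(r["pid"], r["ppid"], r["image"], r["integrity"]) for r in records}
    for p in procs.values():
        if p.ppid in procs:
            procs[p.ppid].children.append(p)
    return procs


def chain(procs: dict[int, Proc], pid: int) -> str:
    """Ancestry from the root down to pid, rendered as 'name(pid) > name(pid) > ...'."""
    out = []
    cur = procs.get(pid)
    while cur is not None:
        out.append(f"{cur.name}({cur.pid})")
        cur = procs.get(cur.ppid)
    return " > ".join(reversed(out))


def detect(records: list[dict]) -> list[tuple[str, int, str]]:
    """Return (rule, pid, ancestry chain) for every record that trips a rule."""
    procs = build_tree(records)
    alerts = []
    for p in procs.values():
        parent = procs.get(p.ppid)
        path = p.image.lower()
        ext = ntpath.splitext(path)[1]
        # Rule 1: a browser started a binary that sits in its own cache / download area.
        if parent and parent.name in BROWSERS and any(m in path for m in BROWSER_CACHE_MARKERS):
            alerts.append(("browser_launched_download", p.pid, chain(procs, p.pid)))
        # Rule 2: 'Starts application with an unusual extension' - the image extension is not
        # one an executable normally has (here .tmp) and it lives in a temp directory.
        if ext not in EXECUTABLE_EXTS and any(m in path for m in TEMP_MARKERS):
            alerts.append(("unusual_extension_from_temp", p.pid, chain(procs, p.pid)))
    return alerts


# Constructed sample modelled on this report's process table (ppid values assumed).
SAMPLE = [
    {"pid": 1000, "ppid": 0,    "image": r"C:\Windows\explorer.exe", "integrity": "MEDIUM"},
    {"pid": 3964, "ppid": 1000, "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "integrity": "MEDIUM"},
    {"pid": 4024, "ppid": 3964, "image": r"C:\Program Files\Internet Explorer\iexplore.exe", "integrity": "LOW"},
    {"pid": 1112, "ppid": 3964, "image": r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe", "integrity": "MEDIUM"},
    {"pid": 1652, "ppid": 1112, "image": r"C:\Users\admin\AppData\Local\Temp\RBX-F7B024FD.tmp", "integrity": "MEDIUM"},
    {"pid": 2276, "ppid": 1000, "image": r"C:\Program Files\Windows Media Player\wmpnscfg.exe", "integrity": "MEDIUM"},
]

if __name__ == "__main__":
    for rule, pid, ancestry in detect(SAMPLE):
        print(f"{rule:<30} pid={pid:<5} {ancestry}")
```

Both rules key on the parent/child relationship and the on-disk location rather than on file names or hashes, so a re-packed launcher or a different random .tmp name still trips them; the ancestry string is what you would attach to the alert so an analyst sees the browser-to-launcher-to-.tmp chain at a glance.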
Events: total 21 598 (read 21 407, write 145, delete 46)

Modification events (all by PID 3964, iexplore.exe; registry writes)

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  NTPDaysSinceLastAutoMigration = 1
  NTPLastLaunchLowDateTime = (value not shown)
  NTPLastLaunchHighDateTime = 31107194
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  NextCheckForUpdateLowDateTime = (value not shown)
  NextCheckForUpdateHighDateTime = 31107194
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  CachePrefix = (value not shown)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  CachePrefix = Cookie:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  CachePrefix = Visited:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  CompatibilityFlags = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  ProxyBypass = 1
Files written: executable 4, suspicious 23, text 16, unknown types 2

Dropped files (grouped by writing process; type in parentheses)

PID 4024  iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe.mkxrjhq.partial
    Type, MD5, SHA256: (none listed)
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (binary)
    MD5: A02C73BFE5083B7FF46E52A9D6200721
    SHA256: 69A10FBE3761DE48802EBD2610387A6182416389752B0DEDC11052B4836A517A
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 (compressed)
    MD5: 29F65BA8E88C063813CC50A4EA544E93
    SHA256: 1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61 (binary)
    MD5: 4B9E2C53CDA0A0EF6456EDEB352EC761
    SHA256: 3AB7EE96DED171517CA711B7B354C809B48EB86EFC573C560DD83E0C5E7A7F50
  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (binary)
    MD5: 25D2058F9BC62FB43175EAD8CB3E6921
    SHA256: F931A4744497D1C456245FC823A8E08BB550E3C8805276D254977596404AAFE4

PID 3964  iexplore.exe
  C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C329633B-146D-11EF-9E36-12A9866C77DE}.dat (binary)
    MD5: F5686C049932658645AED5032D50B459
    SHA256: 93BF36C33D22766801DC42535B7FCA9BFB76FA78B33F75FD490C1C4D4F3CEB79
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ProjectXPlayerLauncher.exe (executable)
    MD5: 59728BDC1C21BEFE5F75978199714D39
    SHA256: 6FD40D0C186858B2C58DCA73D2E78D5114D7E37C100B5C4ABB4B5496F26FC063

PID 1112  ProjectXPlayerLauncher.exe
  C:\Users\admin\AppData\Local\Temp\RBX-F7B024FD.tmp (executable)
    MD5: 94B8C89F1D9DB23B4D815E36034D274E
    SHA256: C7CB159B9E4459606C26643DB1299BDCE6E88C538103A222073FA39996587625
  C:\Users\admin\AppData\Local\Temp\RBX-63E4156A.log (text)
    MD5: E305B2BF8DF0BC7FC8D3DD7DDBBDA760
    SHA256: 8DBD9F5EEB08B9F95D9C5713EC2B2BADFFA87D60201008527FD9A9FC34AC6755

PID 1652  RBX-F7B024FD.tmp
  C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx (text)
    MD5: 818B469A34FD6BF9FF2C4FA463410A55
    SHA256: 2E81AD6E973D1B9C66E30393EFFCBE0302E15B54F183E149C1047799E88E0B1E

Note: the two executables worth hunting for are the downloaded ProjectXPlayerLauncher.exe (SHA256 6FD40D0C...) and the RBX-F7B024FD.tmp it wrote and ran (SHA256 C7CB159B...). The CryptnetUrlCache entries are Windows CryptoAPI URL-cache files corresponding to the certificate fetches to ctldl.windowsupdate.com and c.lencr.org listed under HTTP requests, not payloads.
The PCAP, network streams and HTTP content are available in the full report.
Network summary: HTTP(S) requests 34, TCP/UDP connections 44, DNS requests 17, threats 26

HTTP requests (PID, process, method, HTTP code, server IP:port, URL; CN and reputation were "unknown" for every row, type and size not recorded)

4024  iexplore.exe                GET  304  217.20.57.24:80   http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?30bfcba95dc85498
4024  iexplore.exe                GET  304  217.20.57.24:80   http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fdb53f965dd08005
4024  iexplore.exe                GET  200  217.20.57.24:80   http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?aa27c982be707355
4024  iexplore.exe                GET  200  217.20.57.24:80   http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a579c701ab7af5ef
4024  iexplore.exe                GET  200  217.20.57.24:80   http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a921a978dd985ae4
4024  iexplore.exe                GET  200  2.19.217.103:80   http://x2.c.lencr.org/
(PID/process not listed)          GET  404  188.114.97.3:80   http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
4024  iexplore.exe                GET  200  2.19.217.103:80   http://x1.c.lencr.org/
1112  ProjectXPlayerLauncher.exe  GET  (code not listed)  188.114.97.3:80  http://setup.projex.zip/cdn/version?guid17534
1112  ProjectXPlayerLauncher.exe  GET  200  188.114.97.3:80   http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXVersion.txt

Notes: the ctldl.windowsupdate.com and x1/x2.c.lencr.org requests are Windows certificate trust list and Let's Encrypt issuer-certificate fetches made by IE while validating the HTTPS download; only the projex.zip requests are the launcher's own traffic. The launcher's version check against setup.projex.zip goes over plain HTTP on port 80, so the version metadata it acts on is not integrity-protected in transit.

Connections (PID, process, remote IP:port, domain, ASN, country, reputation)

(not listed)                      224.0.0.252:5355      (no domain)               unknown
4     System                      192.168.100.255:137   (broadcast)               whitelisted
4     System                      192.168.100.255:138   (broadcast)               whitelisted
1088  svchost.exe                 224.0.0.252:5355      (no domain)               unknown
4024  iexplore.exe                188.114.96.3:443      www.projex.zip            CLOUDFLARENET, NL          unknown
4024  iexplore.exe                217.20.57.24:80       ctldl.windowsupdate.com   (ASN not listed), US       unknown
4024  iexplore.exe                2.19.217.103:80       x1.c.lencr.org            Akamai International B.V., NL   unknown
1112  ProjectXPlayerLauncher.exe  188.114.97.3:80       www.projex.zip            CLOUDFLARENET, NL          unknown
1652  RBX-F7B024FD.tmp            188.114.97.3:80       www.projex.zip            CLOUDFLARENET, NL          unknown
3964  iexplore.exe                152.199.19.161:443    r20swj13mr.microsoft.com  EDGECAST, US               whitelisted

Note: the domain column is derived from the destination IP. www.projex.zip, setup.projex.zip and api.projex.zip all resolve to 188.114.96.3 and 188.114.97.3 (Cloudflare, see DNS requests), so the port-80 connections from PIDs 1112 and 1652 labelled www.projex.zip are the setup.projex.zip / api.projex.zip requests in the HTTP table. When pivoting, rely on the DNS answers and the HTTP Host, not on the IP-derived name.

DNS requests

Domain
IP
Reputation
www.projex.zip
  • 188.114.96.3
  • 188.114.97.3
unknown
ctldl.windowsupdate.com
  • 217.20.57.24
  • 217.20.57.26
  • 217.20.57.36
  • 217.20.57.41
  • 217.20.57.19
  • 217.20.57.23
  • 217.20.57.35
  • 217.20.57.43
  • 217.20.57.37
  • 217.20.57.38
  • 217.20.57.21
whitelisted
x1.c.lencr.org
  • 2.19.217.103
whitelisted
x2.c.lencr.org
  • 2.19.217.103
whitelisted
api.projex.zip
  • 188.114.97.3
  • 188.114.96.3
unknown
setup.projex.zip
  • 188.114.97.3
  • 188.114.96.3
unknown
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ieonline.microsoft.com
  • 204.79.197.200
whitelisted

Threats (network IDS hits; the summary shows 10 of the 26 recorded, all of class "Misc activity")

PID   Process                     Message
1088  svchost.exe                 ET INFO Observed DNS Query to .zip TLD
1088  svchost.exe                 ET INFO Observed DNS Query to .zip TLD
1112  ProjectXPlayerLauncher.exe  ET INFO HTTP Request to a *.zip Domain
1088  svchost.exe                 ET INFO Observed DNS Query to .zip TLD
1112  ProjectXPlayerLauncher.exe  ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  ET INFO HTTP Request to a *.zip Domain
(PID/process not listed)          ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  ET INFO HTTP Request to a *.zip Domain
1112  ProjectXPlayerLauncher.exe  ET INFO HTTP Request to a *.zip Domain

Note: all of these are ET INFO (informational) signatures. .zip is a legitimate gTLD, and the DNS hits land on svchost.exe because the Windows DNS client service resolves names on behalf of every process. They tell you where to look; the report's verdict rests on the behavioural signatures listed earlier, not on these hits.
2 ETPRO signatures available at the full report
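To show what the ET INFO hits above look like as detection logic, and what an analyst would add on top of them, here is an added example (my code, not ANY.RUN's and not the Emerging Threats rules themselves). It parses constructed DNS and HTTP log lines built from this report's tables, flags queries and requests to .zip/.mov hosts, escalates when the requester is not a browser and the transport is plain HTTP, and lists which hosts share an answer IP so the Cloudflare attribution problem noted under Connections is visible. The log line format is an assumption, as is attributing the HTTPS download to PID 4024 and the api.projex.zip request to PID 1112 (the report lists that request without a PID).

```python
"""Flag DNS queries and HTTP requests to look-alike TLDs (.zip, .mov) in
sandbox or proxy logs, correlate them with the requesting process, and show
which hosts share a front-end IP.

Added example; not part of the ANY.RUN report and not the Emerging Threats
rule logic. LOG and its line format are constructed from the DNS and HTTP
tables in this report; attributing the HTTPS download to PID 4024 and the
api.projex.zip request to PID 1112 is an assumption.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample log. Two record shapes:
#   <pid> <process> DNS <qname> -> <ip>[,<ip>...]
#   <pid> <process> HTTP <method> <url> <status>
LOG = """\
1088 svchost.exe DNS www.projex.zip -> 188.114.96.3,188.114.97.3
1088 svchost.exe DNS ctldl.windowsupdate.com -> 217.20.57.24
1088 svchost.exe DNS setup.projex.zip -> 188.114.97.3,188.114.96.3
1088 svchost.exe DNS api.projex.zip -> 188.114.97.3,188.114.96.3
4024 iexplore.exe HTTP GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?aa27c982be707355 200
4024 iexplore.exe HTTP GET https://www.projex.zip/cdn/ProjectXPlayerLauncher.exe 200
1112 ProjectXPlayerLauncher.exe HTTP GET http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXVersion.txt 200
1112 ProjectXPlayerLauncher.exe HTTP GET http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F 404
"""

DNS_RE = re.compile(r"^(\d+) (\S+) DNS (\S+) -> (\S+)$")
HTTP_RE = re.compile(r"^(\d+) (\S+) HTTP (\S+) (\S+) (\d{3})$")

WATCH_TLDS = {"zip", "mov"}   # gTLDs that double as common file extensions
BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def tld(host: str) -> str:
    return host.rstrip(".").rsplit(".", 1)[-1].lower()


def analyze(log_text: str) -> list[dict]:
    """Return one finding per watch-TLD DNS query or HTTP request, in log order."""
    findings: list[dict] = []
    resolved: dict[str, set[str]] = {}   # qname -> answer IPs seen so far
    for line in log_text.splitlines():
        m = DNS_RE.match(line)
        if m:
            pid, proc, qname, ips = m.groups()
            qname = qname.lower()
            resolved[qname] = set(ips.split(","))
            if tld(qname) in WATCH_TLDS:
                # Counterpart of 'ET INFO Observed DNS Query to .zip TLD': informational only.
                findings.append({"rule": "dns_query_watch_tld", "sev": "info",
                                 "pid": int(pid), "proc": proc, "host": qname})
            continue
        m = HTTP_RE.match(line)
        if not m:
            continue
        pid, proc, method, url, status = m.groups()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if tld(host) not in WATCH_TLDS:
            continue
        # Escalation heuristics of my own (not ET's): a non-browser process talking to a
        # watch-TLD host is more interesting than a user browsing there, and plain HTTP
        # means whatever it fetches (here version/update metadata) can be altered in transit.
        sev = "info"
        if proc.lower() not in BROWSERS:
            sev = "suspicious"
            if parts.scheme == "http":
                sev = "high"
        # Hosts that share an answer IP with this one: behind a CDN front an IP-derived
        # domain label cannot tell them apart, so pivot on DNS answers and Host, not IP.
        peers = sorted(h for h, answers in resolved.items()
                       if h != host and answers & resolved.get(host, set()))
        findings.append({"rule": "http_request_watch_tld", "sev": sev, "pid": int(pid),
                         "proc": proc, "host": host, "url": url, "status": int(status),
                         "shares_ip_with": peers})
    return findings


if __name__ == "__main__":
    for f in analyze(LOG):
        print(f"[{f['sev']:<10}] {f['rule']:<24} pid={f['pid']:<5} {f['proc']:<28} {f.get('url', f['host'])}")
        if f.get("shares_ip_with"):
            print(f"             shares front-end IP with: {', '.join(f['shares_ip_with'])}")
```

Run on the sample, the three DNS queries and the browser's HTTPS download stay informational, while the launcher's two cleartext requests to setup.projex.zip and api.projex.zip come out as high, each annotated with the other projex.zip names sitting on the same Cloudflare addresses.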
No debug info