File name: ProjectXPlayerLauncher.exe
Full analysis: https://app.any.run/tasks/63c03dff-67ec-40bd-ac63-378936f6d58e
Verdict: Malicious activity
Threats: loader

A loader is malicious software whose purpose is to get onto a device and deliver further malicious payloads. Once running, it profiles the victim's system and installs other threats such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to trick users into downloading and running the executable. Loaders employ evasion and persistence tactics to avoid detection.

Analysis date: May 20, 2024, 23:48:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 59728BDC1C21BEFE5F75978199714D39
SHA1: 07B2AD79EA99103F1C2B63C8F0E2F0914B00AA56
SHA256: 6FD40D0C186858B2C58DCA73D2E78D5114D7E37C100B5C4ABB4B5496F26FC063
SSDEEP: 12288:lYe8MGkfQUNH7YQCnx0yEIrqcC7anSv9CI7bMMjj:f8MGkfQUR7jCnx0PIuN7an3I7bMMjj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's own assessment. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • ProjectXPlayerLauncher.exe (PID: 3972)
      • RBX-13417458.tmp (PID: 4084)
    • Actions looks like stealing of personal data
      • RBX-13417458.tmp (PID: 4084)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • ProjectXPlayerLauncher.exe (PID: 3972)
      • RBX-13417458.tmp (PID: 4084)
    • Reads the Internet Settings
      • RBX-13417458.tmp (PID: 4084)
      • ProjectXPlayerLauncher.exe (PID: 3972)
    • Reads security settings of Internet Explorer
      • RBX-13417458.tmp (PID: 4084)
      • ProjectXPlayerLauncher.exe (PID: 3972)
    • Potential Corporate Privacy Violation
      • ProjectXPlayerLauncher.exe (PID: 3972)
      • RBX-13417458.tmp (PID: 4084)
    • Starts application with an unusual extension
      • ProjectXPlayerLauncher.exe (PID: 3972)
  • INFO
    • Checks supported languages
      • ProjectXPlayerLauncher.exe (PID: 3972)
      • RBX-13417458.tmp (PID: 4084)
    • Reads the computer name
      • ProjectXPlayerLauncher.exe (PID: 3972)
      • RBX-13417458.tmp (PID: 4084)
    • Process checks computer location settings
      • ProjectXPlayerLauncher.exe (PID: 3972)
      • RBX-13417458.tmp (PID: 4084)
    • Create files in a temporary directory
      • RBX-13417458.tmp (PID: 4084)
      • ProjectXPlayerLauncher.exe (PID: 3972)
    • Creates files or folders in the user directory
      • ProjectXPlayerLauncher.exe (PID: 3972)
      • RBX-13417458.tmp (PID: 4084)
    • Reads the machine GUID from the registry
      • RBX-13417458.tmp (PID: 4084)
      • ProjectXPlayerLauncher.exe (PID: 3972)
    • Checks proxy server information
      • RBX-13417458.tmp (PID: 4084)
      • ProjectXPlayerLauncher.exe (PID: 3972)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK matrix in the full report.
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:23 22:53:42+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 11
CodeSize: 286208
InitializedDataSize: 602624
UninitializedDataSize: -
EntryPoint: 0x3bf6d
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.0.3
ProductVersionNumber: 1.6.0.3
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Project X Corporation
FileDescription: Project X
FileVersion: 1, 6, 0, 3
LegalCopyright: (C) 2024 Project X Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Project X Bootstrapper
ProductVersion: 1, 6, 0, 3
All screenshots are available in the full report
Total processes: 34
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start -> ProjectXPlayerLauncher.exe (PID 3972) -> RBX-13417458.tmp (PID 4084)

Process information

PID: 3972
CMD: "C:\Users\admin\AppData\Local\Temp\ProjectXPlayerLauncher.exe"
Path: C:\Users\admin\AppData\Local\Temp\ProjectXPlayerLauncher.exe
Parent process: explorer.exe
User: admin
Company: Project X Corporation
Integrity Level: MEDIUM
Description: Project X
Exit code: 0
Version: 1, 6, 0, 3
Loaded images:
  c:\users\admin\appdata\local\temp\projectxplayerlauncher.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll

PID: 4084
CMD: "C:\Users\admin\AppData\Local\Temp\RBX-13417458.tmp"
Path: C:\Users\admin\AppData\Local\Temp\RBX-13417458.tmp
Parent process: ProjectXPlayerLauncher.exe
User: admin
Company: Project X Corporation
Integrity Level: MEDIUM
Description: Project X
Version: 1, 6, 0, 4
Loaded images:
  c:\users\admin\appdata\local\temp\rbx-13417458.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll

Note that the version resource of RBX-13417458.tmp (1, 6, 0, 4) is newer than that of the submitted launcher (1, 6, 0, 3). Together with the different file hashes in the dropped-files list below, this is consistent with the .tmp being a freshly downloaded build rather than a copy of the submitted sample.
Total events: 1,449
Read events: 1,380
Write events: 52
Delete events: 17

Modification events

PID | Process | Key | Operation | Name | Value
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\ProjectX Corporation\ProjectX | write | CPath | C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\ProjectX Corporation\ProjectX | delete value | curStudioVer |
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\ProjectX Corporation\ProjectX | delete value | curStudioUrl |
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | (empty)
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | write | ProxyEnable | 0
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | delete value | ProxyServer |
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | delete value | ProxyOverride |
3972 | ProjectXPlayerLauncher.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | delete value | AutoConfigURL |

The three CachePrefix writes are the standard WinINET cache-container initialisation (empty, "Cookie:" and "Visited:") and are benign on their own. The last four rows are writes, not reads: the launcher sets ProxyEnable to 0 and deletes ProxyServer, ProxyOverride and AutoConfigURL, which removes any proxy server or PAC URL configured in the user's WinINET settings and therefore affects Internet Explorer and every other WinINET client, not just the launcher itself.
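
As an added example that is not part of the ANY.RUN report, the following Python parses modification-event records in the flattened "(PID) Process: ... / Operation: ... Name: ... / Value:" form in which the page renders them, and flags the records that change WinINET proxy configuration. The sample records are a constructed subset of this report's events; the parser and the list of proxy value names are the editor's, not ANY.RUN's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the modification events from this report,
# in the flattened form in which the report page renders them.
SAMPLE_EVENTS = r"""(PID) Process:(3972) ProjectXPlayerLauncher.exeKey:HKEY_CURRENT_USER\Software\ProjectX Corporation\ProjectX
Operation:writeName:CPath
Value:
C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx
(PID) Process:(3972) ProjectXPlayerLauncher.exeKey:HKEY_CURRENT_USER\Software\ProjectX Corporation\ProjectX
Operation:delete valueName:curStudioVer
Value:
(PID) Process:(3972) ProjectXPlayerLauncher.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3972) ProjectXPlayerLauncher.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3972) ProjectXPlayerLauncher.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:ProxyServer
Value:
(PID) Process:(3972) ProjectXPlayerLauncher.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:delete valueName:AutoConfigURL
Value:
"""

# Record header: "(PID) Process:(3972) <process>Key:<registry key>"
HEADER_RE = re.compile(r"^\(PID\) Process:\((\d+)\) (.+?)Key:(.+)$")
# Second line: "Operation:<op>Name:<value name>"; non-greedy so that
# "delete valueName:curStudioVer" splits into "delete value" / "curStudioVer".
OP_RE = re.compile(r"^Operation:(.+?)Name:(.+)$")

# WinINET proxy values: clearing these silently removes the user's proxy or
# PAC configuration for every WinINET client (editor's list, an assumption).
PROXY_VALUES = {"ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL"}
INTERNET_SETTINGS = r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings"


@dataclass
class RegEvent:
    pid: int
    process: str
    key: str
    operation: str
    name: str
    value: str


def parse_events(text: str) -> list[RegEvent]:
    """Parse flattened modification-event records into RegEvent objects."""
    lines = text.splitlines()
    events: list[RegEvent] = []
    i = 0
    while i < len(lines):
        header = HEADER_RE.match(lines[i])
        if not header:
            i += 1
            continue
        pid, process, key = header.groups()
        op = OP_RE.match(lines[i + 1])
        if not op:
            raise ValueError(f"malformed record after line {i}: {lines[i + 1]!r}")
        operation, name = op.groups()
        # "Value:" is always present on the third line; the value itself is on
        # the fourth, unless that line already starts the next record (empty value).
        value = ""
        i += 3
        if i < len(lines) and not HEADER_RE.match(lines[i]):
            value = lines[i]
            i += 1
        events.append(RegEvent(int(pid), process, key, operation, name, value))
    return events


def proxy_tampering(events: list[RegEvent]) -> list[RegEvent]:
    """Return the events that write or delete WinINET proxy configuration."""
    return [
        e for e in events
        if e.key.lower().endswith(INTERNET_SETTINGS.lower()) and e.name in PROXY_VALUES
    ]


if __name__ == "__main__":
    for e in proxy_tampering(parse_events(SAMPLE_EVENTS)):
        print(f"PID {e.pid} {e.process}: {e.operation} {e.name} = {e.value!r}")
```

The key match is suffix-based so that the 5.0\Cache\... subkeys (the benign CachePrefix writes) are not flagged; only values directly under Internet Settings count.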
Executable files: 2
Suspicious files: 3
Text files: 2
Unknown types: 0

Dropped files

PID 3972, ProjectXPlayerLauncher.exe
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\WindowsBootstrapperSettings[1].json (binary)
  MD5: 0BDFB9EEB8DFC03DD0EB7233AD05836B
  SHA256: 649B070096F28CF132C9687C8AFF4518CBDBE5967CA3E33BBBDC5A425B115128

PID 4084, RBX-13417458.tmp
  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WindowsBootstrapperSettings[1].json (binary)
  MD5: 0BDFB9EEB8DFC03DD0EB7233AD05836B
  SHA256: 649B070096F28CF132C9687C8AFF4518CBDBE5967CA3E33BBBDC5A425B115128

PID 4084, RBX-13417458.tmp
  C:\Users\admin\AppData\Local\ProjectX\Versions\version-13c4259f38dd45e\ProjectXPlayerLauncher.exe (executable)
  MD5: 94B8C89F1D9DB23B4D815E36034D274E
  SHA256: C7CB159B9E4459606C26643DB1299BDCE6E88C538103A222073FA39996587625

PID 3972, ProjectXPlayerLauncher.exe
  C:\Users\admin\AppData\Local\Temp\RBX-F05D7F80.log (text)
  MD5: 1F3A5ADE259F53F34727715CDAF845BB
  SHA256: 41FD152A1614F6F5B5A9F684D5F85E6D2F72EE669CE9CE7323601BA5CB743AC8

PID 4084, RBX-13417458.tmp
  C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State (binary)
  MD5: 05B6413467458139F225A4147A95E060
  SHA256: FD40114DF3F73CF51E9B5C5A78BE04F725FDD7143CB5D82FF68E1EF795AE282C

PID 3972, ProjectXPlayerLauncher.exe
  C:\Users\admin\AppData\Local\Temp\RBX-13417458.tmp (executable)
  MD5: 94B8C89F1D9DB23B4D815E36034D274E
  SHA256: C7CB159B9E4459606C26643DB1299BDCE6E88C538103A222073FA39996587625

PID 4084, RBX-13417458.tmp
  C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx (text)
  MD5: 818B469A34FD6BF9FF2C4FA463410A55
  SHA256: 2E81AD6E973D1B9C66E30393EFFCBE0302E15B54F183E149C1047799E88E0B1E

Two things stand out in this list. RBX-13417458.tmp (dropped by PID 3972) and Versions\version-13c4259f38dd45e\ProjectXPlayerLauncher.exe (dropped by PID 4084) have identical hashes, so the downloaded build copies itself into the versioned install directory. And the only entry outside the launcher's own locations (its Temp and LocalLow files, the WinINET cache and AppData\Local\ProjectX) is Chrome's Local State, created or modified by PID 4084, the process the report flags under "Actions looks like stealing of personal data"; a game launcher has no reason to write into a browser profile.
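
An added example (editor's code, not from the report or from ANY.RUN): two checks a responder would run over a dropped-files list like the one above. The first groups entries by SHA256 to find identical content under different names, which is how RBX-13417458.tmp and Versions\version-13c4259f38dd45e\ProjectXPlayerLauncher.exe are shown to be the same file. The second flags writes into browser profile directories, which is what singles out Chrome's Local State here; that file holds the DPAPI-wrapped key (os_crypt.encrypted_key) protecting saved cookies and passwords, which is why stealers go after it. The rows are copied from the table above; the browser-profile marker list is an assumption.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Dropped:
    pid: int
    process: str
    path: str
    kind: str
    md5: str
    sha256: str


# Constructed sample: the dropped-files rows of this report, copied from the table.
SAMPLE_DROPS = [
    Dropped(3972, "ProjectXPlayerLauncher.exe",
            r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\WindowsBootstrapperSettings[1].json",
            "binary", "0BDFB9EEB8DFC03DD0EB7233AD05836B",
            "649B070096F28CF132C9687C8AFF4518CBDBE5967CA3E33BBBDC5A425B115128"),
    Dropped(4084, "RBX-13417458.tmp",
            r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\WindowsBootstrapperSettings[1].json",
            "binary", "0BDFB9EEB8DFC03DD0EB7233AD05836B",
            "649B070096F28CF132C9687C8AFF4518CBDBE5967CA3E33BBBDC5A425B115128"),
    Dropped(4084, "RBX-13417458.tmp",
            r"C:\Users\admin\AppData\Local\ProjectX\Versions\version-13c4259f38dd45e\ProjectXPlayerLauncher.exe",
            "executable", "94B8C89F1D9DB23B4D815E36034D274E",
            "C7CB159B9E4459606C26643DB1299BDCE6E88C538103A222073FA39996587625"),
    Dropped(3972, "ProjectXPlayerLauncher.exe",
            r"C:\Users\admin\AppData\Local\Temp\RBX-F05D7F80.log",
            "text", "1F3A5ADE259F53F34727715CDAF845BB",
            "41FD152A1614F6F5B5A9F684D5F85E6D2F72EE669CE9CE7323601BA5CB743AC8"),
    Dropped(4084, "RBX-13417458.tmp",
            r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State",
            "binary", "05B6413467458139F225A4147A95E060",
            "FD40114DF3F73CF51E9B5C5A78BE04F725FDD7143CB5D82FF68E1EF795AE282C"),
    Dropped(3972, "ProjectXPlayerLauncher.exe",
            r"C:\Users\admin\AppData\Local\Temp\RBX-13417458.tmp",
            "executable", "94B8C89F1D9DB23B4D815E36034D274E",
            "C7CB159B9E4459606C26643DB1299BDCE6E88C538103A222073FA39996587625"),
    Dropped(4084, "RBX-13417458.tmp",
            r"C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx",
            "text", "818B469A34FD6BF9FF2C4FA463410A55",
            "2E81AD6E973D1B9C66E30393EFFCBE0302E15B54F183E149C1047799E88E0B1E"),
]

# Browser profile roots a game launcher has no business writing into
# (editor's assumption; extend for the browsers in your estate). Chrome's
# Local State holds os_crypt.encrypted_key, the DPAPI-wrapped AES key that
# protects saved cookies and passwords.
BROWSER_PROFILE_MARKERS = (
    r"\google\chrome\user data",
    r"\microsoft\edge\user data",
    r"\bravesoftware\brave-browser\user data",
    r"\mozilla\firefox\profiles",
)


def group_by_sha256(drops) -> dict[str, list[Dropped]]:
    """Group dropped files by content hash: same hash means same bytes, whatever the name."""
    groups: dict[str, list[Dropped]] = defaultdict(list)
    for d in drops:
        groups[d.sha256.upper()].append(d)
    return dict(groups)


def renamed_copies(drops) -> list[list[str]]:
    """Path groups that carry identical content under different file names (e.g. .tmp -> .exe)."""
    return [
        sorted(d.path for d in grp)
        for grp in group_by_sha256(drops).values()
        if len({d.path.rsplit("\\", 1)[-1].lower() for d in grp}) > 1
    ]


def browser_profile_writes(drops) -> list[Dropped]:
    """Dropped (created or modified) files that sit inside a browser profile directory."""
    return [d for d in drops if any(m in d.path.lower() for m in BROWSER_PROFILE_MARKERS)]


if __name__ == "__main__":
    for paths in renamed_copies(SAMPLE_DROPS):
        print("same content:", " == ".join(paths))
    for d in browser_profile_writes(SAMPLE_DROPS):
        print(f"PID {d.pid} {d.process} wrote into a browser profile: {d.path}")
```

Matching is done on lower-cased paths because NTFS paths are case-insensitive; the two WindowsBootstrapperSettings[1].json entries share a hash but not a name, so they are reported as the same content but not as a rename.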
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 20
TCP/UDP connections: 24
DNS requests: 2
Threats: 25

HTTP requests

PID | Process | Method | HTTP code | IP:port | URL | CN | Reputation
3972 | ProjectXPlayerLauncher.exe | GET | 200 | 188.114.97.9:80 | http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXVersion.txt | unknown | unknown
3972 | ProjectXPlayerLauncher.exe | GET | 200 | 188.114.97.3:80 | http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F | unknown | unknown
3972 | ProjectXPlayerLauncher.exe | GET | 404 | 188.114.97.9:80 | http://setup.projex.zip/cdn.txt | unknown | unknown
3972 | ProjectXPlayerLauncher.exe | GET | 404 | 188.114.97.9:80 | http://setup.projex.zip/cdn.txt | unknown | unknown
3972 | ProjectXPlayerLauncher.exe | GET | - | 188.114.97.9:80 | http://setup.projex.zip/cdn/version?guid28923 | unknown | unknown
4084 | RBX-13417458.tmp | GET | - | 188.114.97.9:80 | http://setup.projex.zip/cdn/version?guid3094 | unknown | unknown
3972 | ProjectXPlayerLauncher.exe | GET | 404 | 188.114.97.9:80 | http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXPlayerLauncher.exe | unknown | unknown
4084 | RBX-13417458.tmp | GET | 200 | 188.114.97.3:80 | http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F | unknown | unknown
3972 | ProjectXPlayerLauncher.exe | GET | 200 | 188.114.97.9:80 | http://setup.projex.zip/cdn/version-13c4259f38dd45e-Roblox.exe | unknown | unknown
4084 | RBX-13417458.tmp | GET | - | 188.114.97.9:80 | http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXApp2016E.zip | unknown | unknown

A "-" in the HTTP code column means the report recorded no response for that request; the Type and Size columns were empty for every row and are omitted.

Read together with the dropped-files list: the launcher first requests version-13c4259f38dd45e-ProjectXPlayerLauncher.exe (404), then version-13c4259f38dd45e-Roblox.exe (200), which matches the OriginalFileName of Roblox.exe in the sample's version resource, and the executable it drops as RBX-13417458.tmp is then run as PID 4084. Everything goes over plain HTTP to Cloudflare-fronted hosts, so whether the downloaded build is authenticated at all depends on signature checks inside the launcher that this report cannot show; the apiKey in the settings URL is sent in the clear on every request.

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
3972 | ProjectXPlayerLauncher.exe | 188.114.97.3:80 | api.projex.zip | CLOUDFLARENET | NL | unknown
3972 | ProjectXPlayerLauncher.exe | 188.114.97.9:80 | setup.projex.zip | CLOUDFLARENET | NL | unknown
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4084 | RBX-13417458.tmp | 188.114.97.3:80 | api.projex.zip | CLOUDFLARENET | NL | unknown
4084 | RBX-13417458.tmp | 188.114.97.9:80 | setup.projex.zip | CLOUDFLARENET | NL | unknown

The 192.168.100.255:137/138 broadcasts (NetBIOS name service and datagram service) and the 224.0.0.252:5355 multicast (LLMNR) come from Windows itself, not from the sample; the second row had no PID or process attributed to it on the page. Only the four connections to api.projex.zip and setup.projex.zip belong to the analysed processes.

DNS requests

Domain | IP(s) | Reputation
api.projex.zip | 188.114.97.3, 188.114.96.3 | unknown
setup.projex.zip | 188.114.97.9, 188.114.96.9 | unknown
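
An added example, not part of the report or of ANY.RUN's tooling: the script below turns the HTTP-request rows above into a deduplicated indicator list the way a responder would before sharing them. It strips cache-buster parameters (the guidNNNN values), lifts the apiKey out of the URL into its own indicator, flags hosts under the .zip TLD (the condition the ET INFO rules in the Threats section fire on), picks out successful downloads of executables, and defangs hosts for sharing. The request rows are copied from the table above; the parameter-name, TLD and file-suffix lists are the editor's assumptions.

```python
from __future__ import annotations

from urllib.parse import parse_qsl, urlsplit

# Constructed sample: (PID, method, HTTP code, IP:port, URL) rows copied from
# the HTTP-requests table of this report. An empty code means the report
# recorded no response for that request.
SAMPLE_REQUESTS = [
    (3972, "GET", "200", "188.114.97.9:80", "http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXVersion.txt"),
    (3972, "GET", "200", "188.114.97.3:80", "http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F"),
    (3972, "GET", "404", "188.114.97.9:80", "http://setup.projex.zip/cdn.txt"),
    (3972, "GET", "", "188.114.97.9:80", "http://setup.projex.zip/cdn/version?guid28923"),
    (4084, "GET", "", "188.114.97.9:80", "http://setup.projex.zip/cdn/version?guid3094"),
    (3972, "GET", "404", "188.114.97.9:80", "http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXPlayerLauncher.exe"),
    (4084, "GET", "200", "188.114.97.3:80", "http://api.projex.zip/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F"),
    (3972, "GET", "200", "188.114.97.9:80", "http://setup.projex.zip/cdn/version-13c4259f38dd45e-Roblox.exe"),
    (4084, "GET", "", "188.114.97.9:80", "http://setup.projex.zip/cdn/version-13c4259f38dd45e-ProjectXApp2016E.zip"),
]

# TLDs to flag; .zip is the one the ET INFO rules in this report fired on
# (editor's list, extend it as your ruleset does).
FLAGGED_TLDS = {"zip"}
# Query parameters that are secrets or tenant identifiers: record them as
# their own indicator instead of leaving them embedded in a URL (assumption).
SECRET_PARAMS = {"apikey"}
# Query-parameter name prefixes that are cache-busters, not indicators (assumption).
VOLATILE_PREFIXES = ("guid",)
# Suffixes that mark a download worth hunting for when it returned 200 (assumption).
PAYLOAD_SUFFIXES = (".exe", ".dll", ".zip", ".msi")


def normalize_url(url: str) -> tuple[str, dict[str, str]]:
    """Drop volatile and secret query parameters; return (clean_url, secrets)."""
    parts = urlsplit(url)
    secrets: dict[str, str] = {}
    kept: list[str] = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SECRET_PARAMS:
            secrets[name] = value
        elif name.lower().startswith(VOLATILE_PREFIXES):
            continue
        else:
            kept.append(f"{name}={value}" if value else name)
    clean = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if kept:
        clean += "?" + "&".join(kept)
    return clean, secrets


def defang(url: str) -> str:
    """Defang only the scheme and host so the path stays searchable."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{host}{parts.path}{query}"


def extract_iocs(rows) -> dict[str, list[str]]:
    """Collapse request rows into sorted, deduplicated indicator lists."""
    domains, ips, urls, secrets, payloads, flagged = set(), set(), set(), set(), set(), set()
    for _pid, _method, code, ip_port, url in rows:
        host = urlsplit(url).hostname or ""
        domains.add(host)
        ips.add(ip_port.rsplit(":", 1)[0])
        clean, found = normalize_url(url)
        urls.add(clean)
        secrets.update(found.values())
        if host.rsplit(".", 1)[-1] in FLAGGED_TLDS:
            flagged.add(host)
        # A 200 for an executable or archive is the download worth hunting for;
        # 404s and requests with no recorded response are not.
        if code == "200" and clean.lower().endswith(PAYLOAD_SUFFIXES):
            payloads.add(clean)
    return {
        "domains": sorted(domains),
        "ips": sorted(ips),
        "urls": sorted(urls),
        "secrets": sorted(secrets),
        "payload_urls": sorted(payloads),
        "flagged_tld_hosts": sorted(flagged),
    }


if __name__ == "__main__":
    for kind, items in extract_iocs(SAMPLE_REQUESTS).items():
        print(kind)
        for item in items:
            print("  ", defang(item) if item.startswith("http") else item)
```

Only the host is defanged so the path part of a URL can still be pasted into a search; the apiKey is kept as a separate indicator because the same key appearing in other traffic ties it to this launcher's backend even if the hostnames change.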

Threats

PID | Process | Class | Message | Count
1088 | svchost.exe | Misc activity | ET INFO Observed DNS Query to .zip TLD | 2
3972 | ProjectXPlayerLauncher.exe | Misc activity | ET INFO HTTP Request to a *.zip Domain | 8

All ten listed alerts are informational TLD-reputation rules: the .zip gTLD is flagged because it collides with the archive file extension, not because the traffic matched a known payload or command-and-control signature. The two DNS alerts are attributed to svchost.exe (PID 1088) because the DNS client service, not the sample, issues the query.
2 ETPRO signatures are available in the full report
No debug info