File name: CatsxpBrowserOnlineSetup64.exe

Full analysis: https://app.any.run/tasks/b4247e06-6cd4-4626-ad48-44757c52a8d7
Verdict: Malicious activity
Analysis date: September 02, 2024, 05:11:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 982D3194056EF03C9DB1F3F5C4A96958
SHA1: ADBACFB5B9D6F5A7D519F47F19FFBCC32858E1E5
SHA256: 9855AABDAA1FFB94B3154563E532F29B7238E0926DF40B4D4A184361924914B5
SSDEEP: 49152:E/8rCHcWG/s+/IMTt8mra3qouYyWRYCUmR922fbFHL2hGulMlt+kl9qorI3FRfxD:ccMEIJPtUM92eFC/Mlt+klQo03FFxSB6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • CatsxpUpdate.exe (PID: 4592)
    • Executable content was dropped or overwritten

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
    • Reads the date of Windows installation

      • CatsxpUpdate.exe (PID: 4592)
    • Starts itself from another location

      • CatsxpUpdate.exe (PID: 1616)
    • Drops the executable file immediately after the start

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
  • INFO

    • Reads the computer name

      • CatsxpUpdate.exe (PID: 4592)
    • Checks supported languages

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
      • CatsxpUpdate.exe (PID: 4592)
    • Create files in a temporary directory

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
    • Process checks computer location settings

      • CatsxpUpdate.exe (PID: 4592)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:25 05:20:52+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 102912
InitializedDataSize: 1000448
UninitializedDataSize: -
EntryPoint: 0x699b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.36.261
ProductVersionNumber: 1.3.36.261
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: CatsxpSoftware Inc.
FileDescription: CatsxpSoftware Update Setup
FileVersion: 1.3.36.261
InternalName: CatsxpSoftware Update Setup
LegalCopyright: Copyright 2019-2023 CatsxpSoftware LLC
OriginalFileName: CatsxpUpdateSetup.exe
ProductName: CatsxpSoftware Update
ProductVersion: 1.3.36.261
LanguageId: en
PrivateBuild: -
No data.
All screenshots are available in the full report
Total processes
123
Monitored processes
9
Malicious processes
0
Suspicious processes
1

Behavior graph

Behavior graph nodes:
start
catsxpbrowseronlinesetup64.exe
catsxpupdate.exe (no specs)
catsxpupdatesetup.exe
catsxpupdate.exe (no specs)
catsxpupdate.exe (no specs)
catsxpupdate.exe (no specs)
catsxpupdatecomregistershell64.exe (no specs)
catsxpupdatecomregistershell64.exe (no specs)
catsxpupdatecomregistershell64.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1616
CMD:
"C:\Program Files (x86)\CatsxpSoftware\Temp\GUMAC84.tmp\CatsxpUpdate.exe" /installsource taggedmi /install "appguid={485AC8F6-31A4-3283-B765-92E31A816C51}&appname=Catsxp-Release&needsadmin=prefers&ap=x64-release&referral=none" /installelevated
Path:
C:\Program Files (x86)\CatsxpSoftware\Temp\GUMAC84.tmp\CatsxpUpdate.exe
Parent process:
CatsxpUpdateSetup.exe
User:
admin
Company:
CatsxpSoftware Inc.
Integrity Level:
HIGH
Description:
CatsxpSoftware Update
Version:
1.3.36.261
PID:
2136
CMD:
"C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe"
Path:
C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe
Parent process:
CatsxpUpdate.exe
User:
admin
Integrity Level:
HIGH
PID:
3104
CMD:
"C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe"
Path:
C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe
Parent process:
CatsxpUpdate.exe
User:
admin
Integrity Level:
HIGH
PID:
4592
CMD:
C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdate.exe /installsource taggedmi /install "appguid={485AC8F6-31A4-3283-B765-92E31A816C51}&appname=Catsxp-Release&needsadmin=prefers&ap=x64-release&referral=none"
Path:
C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdate.exe
Parent process:
CatsxpBrowserOnlineSetup64.exe
User:
admin
Company:
CatsxpSoftware Inc.
Integrity Level:
MEDIUM
Description:
CatsxpSoftware Update
Version:
1.3.36.261
Modules
Images
c:\users\admin\appdata\local\temp\guma783.tmp\catsxpupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
4668
CMD:
"C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateSetup.exe" /installsource taggedmi /install "appguid={485AC8F6-31A4-3283-B765-92E31A816C51}&appname=Catsxp-Release&needsadmin=prefers&ap=x64-release&referral=none" /installelevated /nomitag
Path:
C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateSetup.exe
Parent process:
CatsxpUpdate.exe
User:
admin
Company:
CatsxpSoftware Inc.
Integrity Level:
HIGH
Description:
CatsxpSoftware Update Setup
Version:
1.3.36.261
PID:
5244
CMD:
"C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe"
Path:
C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe
Parent process:
CatsxpUpdate.exe
User:
admin
Integrity Level:
HIGH
PID:
5544
CMD:
"C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe" /regserver
Path:
C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe
Parent process:
CatsxpUpdate.exe
User:
admin
Company:
CatsxpSoftware Inc.
Integrity Level:
HIGH
Description:
CatsxpSoftware Update
Version:
1.3.36.261
PID:
6152
CMD:
"C:\Users\admin\Desktop\CatsxpBrowserOnlineSetup64.exe"
Path:
C:\Users\admin\Desktop\CatsxpBrowserOnlineSetup64.exe
Parent process:
explorer.exe
User:
admin
Company:
CatsxpSoftware Inc.
Integrity Level:
MEDIUM
Description:
CatsxpSoftware Update Setup
Version:
1.3.36.261
Modules
Images
c:\users\admin\desktop\catsxpbrowseronlinesetup64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shlwapi.dll
PID:
6840
CMD:
"C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe" /regsvc
Path:
C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe
Parent process:
CatsxpUpdate.exe
User:
admin
Company:
CatsxpSoftware Inc.
Integrity Level:
HIGH
Description:
CatsxpSoftware Update
Exit code:
0
Version:
1.3.36.261
Total events
3 500
Read events
3 499
Write events
1
Delete events
0

Modification events

(PID) Process: (6152) CatsxpBrowserOnlineSetup64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\CatsxpSoftware\Promo
Operation: write
Name: StubInstallerPath
Value: C:\Users\admin\Desktop\CatsxpBrowserOnlineSetup64.exe
Executable files
68
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID | Process | Filename | Type
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateComRegisterShell64.exe | executable
MD5: 84F4C573FC793C500907DC5092C49E26
SHA256: A025CA92D6B98E1DF5D01D4C210565240B75F42B7B0F3CF19465A951AA16F57E
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateBroker.exe | executable
MD5: 75F57CEB4466FEE8AE0B87A17DF943D9
SHA256: 45EAB99BE7665DA2BE3EFDE677424BCE5DD0768CD638C85B8FE3FD3B65C9C9B0
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\goopdateres_cs.dll | executable
MD5: E94B46199A5B6E73F5F88D0A7637FDF1
SHA256: 7777E16A098455DEC303B772706B5C50167E873E509087D1904EE4F611320E1B
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\psuser.dll | executable
MD5: 48B4044C6294E3FAD2896A8AC81417E9
SHA256: F3B1CE0C8C7C1158C5B00E398DEF17DD0CE3F9378F33BAC0655D6F3696121950
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpCrashHandler.exe | executable
MD5: 43535F5C0D426B8DD93816CA0259F169
SHA256: 806C5E94BD00DA7EB792536B19A0ACA17A9712784BC5AD9F6841B759AD3EF1DB
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdate.exe | executable
MD5: 9BA851D0C8214D64C9B5388D13544344
SHA256: 02FD66B549B9E88ECB0529C3F1EE68E1D83C62597F3AFD2969D866DB6B19CEF2
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\psuser_64.dll | executable
MD5: 5E8E5AC718EC36FB1C5E07E111C4F852
SHA256: 986D8423DA68359D1281F34449DFB8907B5C5F5C28FE019E2140652821274E07
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateCore.exe | executable
MD5: 0882ECAF5F2B474979A77985BBB42645
SHA256: 5A0223A6ED7150F32148AA76FBF5BF3B901F97905BDD519B943B0590B0D9923B
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\goopdateres_da.dll | executable
MD5: 96B6CFF4E921415A2E062631C07DEC12
SHA256: 8F09311BE9B4F6B19C91D66170E7DB4C7BE75AE7A0691FE2FA21BBA785A75661
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpCrashHandler64.exe | executable
MD5: 83DC311903B013643B1A69F0A982B07B
SHA256: D6A8FDA3D3484E77D9B8789DF2819DD7C4DEA97DDC09ED70A163772848C2A0B9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
20
DNS requests
5
Threats
8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | HEAD | 502 | 59.47.225.50:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | HEAD | 502 | 59.47.225.50:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | GET | 502 | 59.47.225.42:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | HEAD | 502 | 59.47.225.57:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | HEAD | 502 | 59.47.237.131:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | GET | 502 | 59.47.225.41:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | HEAD | 200 | 47.79.64.232:443 | https://catsxp.oss-cn-hongkong.aliyuncs.com/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | GET | - | 47.79.64.232:443 | https://catsxp.oss-cn-hongkong.aliyuncs.com/x64/catsxp_installer_128_4_9_1.exe | unknown | - | - | unknown
- | - | POST | 200 | 15.165.5.45:443 | https://www.catsxp.com/api/service/update | unknown | xml | 269 b | unknown
- | - | GET | 200 | 15.165.5.45:443 | https://www.catsxp.com/installers/icons/%7B485AC8F6-31A4-3283-B765-92E31A816C51%7D.bmp | unknown | image | 6.52 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 15.165.5.45:443 | www.catsxp.com | AMAZON-02 | KR | unknown
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
- | - | 59.47.237.131:443 | vip.123pan.cn | CHINATELECOM Liaoning Benxi MAN | CN | unknown
- | - | 47.79.64.232:443 | catsxp.oss-cn-hongkong.aliyuncs.com | WINDSTREAM | US | unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.181.238
whitelisted
www.catsxp.com
  • 15.165.5.45
unknown
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
vip.123pan.cn
  • 59.47.237.131
  • 59.47.237.141
  • 59.47.225.41
  • 59.47.225.50
  • 59.47.225.54
  • 59.47.225.52
  • 59.47.225.124
  • 59.47.225.55
  • 59.47.225.57
  • 59.47.225.56
  • 59.47.237.138
unknown
catsxp.oss-cn-hongkong.aliyuncs.com
  • 47.79.64.232
unknown

Threats

PID | Process | Class | Message
- | - | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
- | - | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
6 ETPRO signatures available at the full report
No debug info