File name: CatsxpBrowserOnlineSetup64.exe

Full analysis: https://app.any.run/tasks/b4247e06-6cd4-4626-ad48-44757c52a8d7
Verdict: Malicious activity
Analysis date: September 02, 2024, 05:11:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 982D3194056EF03C9DB1F3F5C4A96958
SHA1: ADBACFB5B9D6F5A7D519F47F19FFBCC32858E1E5
SHA256: 9855AABDAA1FFB94B3154563E532F29B7238E0926DF40B4D4A184361924914B5
SSDEEP: 49152:E/8rCHcWG/s+/IMTt8mra3qouYyWRYCUmR922fbFHL2hGulMlt+kl9qorI3FRfxD:ccMEIJPtUM92eFC/Mlt+klQo03FFxSB6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
    • Executable content was dropped or overwritten

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
    • Reads security settings of Internet Explorer

      • CatsxpUpdate.exe (PID: 4592)
    • Reads the date of Windows installation

      • CatsxpUpdate.exe (PID: 4592)
    • Starts itself from another location

      • CatsxpUpdate.exe (PID: 1616)
  • INFO

    • Checks supported languages

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
      • CatsxpUpdate.exe (PID: 4592)
    • Reads the computer name

      • CatsxpUpdate.exe (PID: 4592)
    • Create files in a temporary directory

      • CatsxpBrowserOnlineSetup64.exe (PID: 6152)
    • Process checks computer location settings

      • CatsxpUpdate.exe (PID: 4592)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:07:25 05:20:52+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 102912
InitializedDataSize: 1000448
UninitializedDataSize: -
EntryPoint: 0x699b
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.36.261
ProductVersionNumber: 1.3.36.261
FileFlagsMask: 0x003f
FileFlags: Private build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: CatsxpSoftware Inc.
FileDescription: CatsxpSoftware Update Setup
FileVersion: 1.3.36.261
InternalName: CatsxpSoftware Update Setup
LegalCopyright: Copyright 2019-2023 CatsxpSoftware LLC
OriginalFileName: CatsxpUpdateSetup.exe
ProductName: CatsxpSoftware Update
ProductVersion: 1.3.36.261
LanguageId: en
PrivateBuild: -
Total processes: 123
Monitored processes: 9
Malicious processes: 0
Suspicious processes: 1

Behavior graph

Process nodes (from start):
  • catsxpbrowseronlinesetup64.exe
  • catsxpupdate.exe (no specs)
  • catsxpupdatesetup.exe
  • catsxpupdate.exe (no specs)
  • catsxpupdate.exe (no specs)
  • catsxpupdate.exe (no specs)
  • catsxpupdatecomregistershell64.exe (no specs)
  • catsxpupdatecomregistershell64.exe (no specs)
  • catsxpupdatecomregistershell64.exe (no specs)

Process information

PID 1616
  CMD: "C:\Program Files (x86)\CatsxpSoftware\Temp\GUMAC84.tmp\CatsxpUpdate.exe" /installsource taggedmi /install "appguid={485AC8F6-31A4-3283-B765-92E31A816C51}&appname=Catsxp-Release&needsadmin=prefers&ap=x64-release&referral=none" /installelevated
  Path: C:\Program Files (x86)\CatsxpSoftware\Temp\GUMAC84.tmp\CatsxpUpdate.exe
  Parent process: CatsxpUpdateSetup.exe
  User: admin
  Company: CatsxpSoftware Inc.
  Integrity Level: HIGH
  Description: CatsxpSoftware Update
  Version: 1.3.36.261

PID 2136
  CMD: "C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe"
  Path: C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe
  Parent process: CatsxpUpdate.exe
  User: admin
  Integrity Level: HIGH

PID 3104
  CMD: "C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe"
  Path: C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe
  Parent process: CatsxpUpdate.exe
  User: admin
  Integrity Level: HIGH

PID 4592
  CMD: C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdate.exe /installsource taggedmi /install "appguid={485AC8F6-31A4-3283-B765-92E31A816C51}&appname=Catsxp-Release&needsadmin=prefers&ap=x64-release&referral=none"
  Path: C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdate.exe
  Parent process: CatsxpBrowserOnlineSetup64.exe
  User: admin
  Company: CatsxpSoftware Inc.
  Integrity Level: MEDIUM
  Description: CatsxpSoftware Update
  Version: 1.3.36.261
  Modules (images):
    c:\users\admin\appdata\local\temp\guma783.tmp\catsxpupdate.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\advapi32.dll

PID 4668
  CMD: "C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateSetup.exe" /installsource taggedmi /install "appguid={485AC8F6-31A4-3283-B765-92E31A816C51}&appname=Catsxp-Release&needsadmin=prefers&ap=x64-release&referral=none" /installelevated /nomitag
  Path: C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateSetup.exe
  Parent process: CatsxpUpdate.exe
  User: admin
  Company: CatsxpSoftware Inc.
  Integrity Level: HIGH
  Description: CatsxpSoftware Update Setup
  Version: 1.3.36.261

PID 5244
  CMD: "C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe"
  Path: C:\Program Files (x86)\CatsxpSoftware\Update\1.3.36.261\CatsxpUpdateComRegisterShell64.exe
  Parent process: CatsxpUpdate.exe
  User: admin
  Integrity Level: HIGH

PID 5544
  CMD: "C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe" /regserver
  Path: C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe
  Parent process: CatsxpUpdate.exe
  User: admin
  Company: CatsxpSoftware Inc.
  Integrity Level: HIGH
  Description: CatsxpSoftware Update
  Version: 1.3.36.261

PID 6152
  CMD: "C:\Users\admin\Desktop\CatsxpBrowserOnlineSetup64.exe"
  Path: C:\Users\admin\Desktop\CatsxpBrowserOnlineSetup64.exe
  Parent process: explorer.exe
  User: admin
  Company: CatsxpSoftware Inc.
  Integrity Level: MEDIUM
  Description: CatsxpSoftware Update Setup
  Version: 1.3.36.261
  Modules (images):
    c:\users\admin\desktop\catsxpbrowseronlinesetup64.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\shlwapi.dll

PID 6840
  CMD: "C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe" /regsvc
  Path: C:\Program Files (x86)\CatsxpSoftware\Update\CatsxpUpdate.exe
  Parent process: CatsxpUpdate.exe
  User: admin
  Company: CatsxpSoftware Inc.
  Integrity Level: HIGH
  Description: CatsxpSoftware Update
  Exit code: 0
  Version: 1.3.36.261
Total events: 3 500
Read events: 3 499
Write events: 1
Delete events: 0

Modification events

(PID) Process: (6152) CatsxpBrowserOnlineSetup64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\CatsxpSoftware\Promo
Operation: write
Name: StubInstallerPath
Value: C:\Users\admin\Desktop\CatsxpBrowserOnlineSetup64.exe
Executable files: 68
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateOnDemand.exe | executable
  MD5: 232F2614BD423AB600BF85C7FBB06B27
  SHA256: 89A3ABE8137B5A35FBE74A725BC274143563640907D2FEC441F5EB713E40658F
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\psmachine.dll | executable
  MD5: 29F0E5358D9941D04316B613EE21B606
  SHA256: 448679E4A54A5F5D1CAA87D9565455A04E52423DA6FABEB38F75BA0521083C74
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\psmachine_64.dll | executable
  MD5: 17F2A588B6A2128BFA3E1A268DF2DF0F
  SHA256: 97075C729689A8158B53D5B7DC79802A86F7497D1992F6F14EE7E86BDB9AA667
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\goopdate.dll | executable
  MD5: 0032598CC8CA7980B92273ABA91BB40F
  SHA256: A19E5EBDC4763AFECE6642848273841E3CBC15ACEC039C1788C93BA08530364C
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\psuser_64.dll | executable
  MD5: 5E8E5AC718EC36FB1C5E07E111C4F852
  SHA256: 986D8423DA68359D1281F34449DFB8907B5C5F5C28FE019E2140652821274E07
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateComRegisterShell64.exe | executable
  MD5: 84F4C573FC793C500907DC5092C49E26
  SHA256: A025CA92D6B98E1DF5D01D4C210565240B75F42B7B0F3CF19465A951AA16F57E
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpCrashHandler64.exe | executable
  MD5: 83DC311903B013643B1A69F0A982B07B
  SHA256: D6A8FDA3D3484E77D9B8789DF2819DD7C4DEA97DDC09ED70A163772848C2A0B9
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateCore.exe | executable
  MD5: 0882ECAF5F2B474979A77985BBB42645
  SHA256: 5A0223A6ED7150F32148AA76FBF5BF3B901F97905BDD519B943B0590B0D9923B
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\CatsxpUpdateBroker.exe | executable
  MD5: 75F57CEB4466FEE8AE0B87A17DF943D9
  SHA256: 45EAB99BE7665DA2BE3EFDE677424BCE5DD0768CD638C85B8FE3FD3B65C9C9B0
6152 | CatsxpBrowserOnlineSetup64.exe | C:\Users\admin\AppData\Local\Temp\GUMA783.tmp\goopdateres_cs.dll | executable
  MD5: E94B46199A5B6E73F5F88D0A7637FDF1
  SHA256: 7777E16A098455DEC303B772706B5C50167E873E509087D1904EE4F611320E1B
HTTP(S) requests: 13
TCP/UDP connections: 20
DNS requests: 5
Threats: 8

HTTP requests

Method | HTTP Code | IP | URL | Type | Size | Reputation
HEAD | 502 | 59.47.225.50:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | - | - | unknown
HEAD | 502 | 59.47.225.50:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | - | - | unknown
GET | 502 | 59.47.225.42:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | - | - | unknown
HEAD | 502 | 59.47.225.57:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | - | - | unknown
HEAD | 502 | 59.47.237.131:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | - | - | unknown
GET | 502 | 59.47.225.41:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | - | - | unknown
HEAD | 200 | 47.79.64.232:443 | https://catsxp.oss-cn-hongkong.aliyuncs.com/x64/catsxp_installer_128_4_9_1.exe | - | - | unknown
GET | 502 | 59.47.237.138:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | html | 163 b | unknown
GET | 502 | 59.47.225.53:443 | https://vip.123pan.cn/1811655563/catsxp_update/x64/catsxp_installer_128_4_9_1.exe | html | 163 b | unknown
GET | 200 | 15.165.5.45:443 | https://www.catsxp.com/installers/icons/%7B485AC8F6-31A4-3283-B765-92E31A816C51%7D.bmp | image | 6.52 Kb | unknown

Connections

IP | Domain | ASN | CN | Reputation
192.168.100.255:138 | - | - | - | whitelisted
51.124.78.146:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
15.165.5.45:443 | www.catsxp.com | AMAZON-02 | KR | unknown
20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
239.255.255.250:1900 | - | - | - | whitelisted
59.47.237.131:443 | vip.123pan.cn | CHINATELECOM Liaoning Benxi MAN | CN | unknown
47.79.64.232:443 | catsxp.oss-cn-hongkong.aliyuncs.com | WINDSTREAM | US | unknown

DNS requests

Domain | IP | Reputation
google.com | 142.250.181.238 | whitelisted
www.catsxp.com | 15.165.5.45 | unknown
settings-win.data.microsoft.com | 20.73.194.208 | whitelisted
vip.123pan.cn | 59.47.237.131, 59.47.237.141, 59.47.225.41, 59.47.225.50, 59.47.225.54, 59.47.225.52, 59.47.225.124, 59.47.225.55, 59.47.225.57, 59.47.225.56, 59.47.237.138 | unknown
catsxp.oss-cn-hongkong.aliyuncs.com | 47.79.64.232 | unknown

Threats

Class | Message
Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
6 ETPRO signatures available at the full report
No debug info