File name: hitpaw-video-enhancer.exe

Full analysis: https://app.any.run/tasks/3bf7a0f9-e839-4117-8290-0d70f2e68393
Verdict: Malicious activity
Analysis date: November 04, 2024, 16:48:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: evasion, upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 998C5BD07C484197E895129D6CF6D6D9
SHA1: 9263E52580C2C8D6D5DF84F5E54E1E69683DB7F4
SHA256: 9FAD6A9776D766723FD5B8E0D8FD1FAA803F195712ACF5C75D7F18278E9BBC0A
SSDEEP: 98304:yTKdmVALQ0wLJhlwH64Wf4jLZyWD3ORIFpQrEEj9zS69PdbYwTMZ6SFv3Mj/DyAo:mVs06h

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • The process executes via Task Scheduler

      • default-browser-agent.exe (PID: 4808)
  • INFO

    • UPX packer has been detected

      • hitpaw-video-enhancer.exe (PID: 5828)
    • Application launched itself

      • firefox.exe (PID: 1568)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (64.2)
.dll | Win32 Dynamic Link Library (generic) (15.6)
.exe | Win32 Executable (generic) (10.6)
.exe | Generic Win/DOS Executable (4.7)
.exe | DOS Executable Generic (4.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:08:30 09:15:51+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 2252800
InitializedDataSize: 614400
UninitializedDataSize: 1638400
EntryPoint: 0x3b5ec0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.7.20.1
ProductVersionNumber: 2.7.20.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: HitPaw
FileDescription: HitPaw Video Enhancer
FileVersion: 2.7.20.1
LegalCopyright: Copyright © 2021-2024 HITPAW CO.,LIMITED All Rights Reserved.
ProductName: 20240830171527
ProductVersion: 2.7.20.1
Total processes: 127
Monitored processes: 5
Malicious processes: 0
Suspicious processes: 0


Process information

PID 1568 | firefox.exe
  CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent do-task 308046B0AF4A39CB
  Path: C:\Program Files\Mozilla Firefox\firefox.exe
  Parent process: default-browser-agent.exe
  User: admin | Company: Mozilla Corporation | Integrity Level: MEDIUM | Description: Firefox | Exit code: 3 | Version: 123.0

PID 3076 | firefox.exe
  CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent do-task 308046B0AF4A39CB
  Path: C:\Program Files\Mozilla Firefox\firefox.exe
  Parent process: firefox.exe
  User: admin | Company: Mozilla Corporation | Integrity Level: MEDIUM | Description: Firefox | Exit code: 3 | Version: 123.0

PID 4808 | default-browser-agent.exe
  CMD: "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" do-task "308046B0AF4A39CB"
  Path: C:\Program Files\Mozilla Firefox\default-browser-agent.exe
  Parent process: svchost.exe
  User: admin | Company: Mozilla Foundation | Integrity Level: MEDIUM | Exit code: 2147500037 | Version: 123.0

PID 5828 | hitpaw-video-enhancer.exe
  CMD: "C:\Users\admin\Desktop\hitpaw-video-enhancer.exe"
  Path: C:\Users\admin\Desktop\hitpaw-video-enhancer.exe
  Parent process: explorer.exe
  User: admin | Company: HitPaw | Integrity Level: HIGH | Description: HitPaw Video Enhancer | Version: 2.7.20.1
  Modules (images):
    c:\users\admin\desktop\hitpaw-video-enhancer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\advapi32.dll

PID 6676 | hitpaw-video-enhancer.exe
  CMD: "C:\Users\admin\Desktop\hitpaw-video-enhancer.exe"
  Path: C:\Users\admin\Desktop\hitpaw-video-enhancer.exe
  Parent process: explorer.exe
  User: admin | Company: HitPaw | Integrity Level: MEDIUM | Description: HitPaw Video Enhancer | Exit code: 3221226540 | Version: 2.7.20.1
  Modules (images):
    c:\users\admin\desktop\hitpaw-video-enhancer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
Total events: 1 979
Read events: 1 978
Write events: 1
Delete events: 0

Modification events

(PID) Process: (5828) hitpaw-video-enhancer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Tenorshare\Downloader2.5.0
Operation: write
Name: GA_PC
Value: 1
Executable files: 0
Suspicious files: 1
Text files: 3
Unknown types: 2

Dropped files

PID | Process | Filename | Type
3076 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\93u99co2.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\prefs-1.js | text
  MD5: D64C84EDCE9E97AA650F617724B04002
  SHA256: 250A7A643430046D28C6D57A8EA51619F70FD7CD5CA6FA6B0430264087504819
3076 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\93u99co2.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp | dbf
  MD5: 63B1BB87284EFE954E1C3AE390E7EE44
  SHA256: B017EE25A7F5C09EB4BF359CA721D67E6E9D9F95F8CE6F741D47F33BDE6EF73A
3076 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\93u99co2.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.bin | dbf
  MD5: 63B1BB87284EFE954E1C3AE390E7EE44
  SHA256: B017EE25A7F5C09EB4BF359CA721D67E6E9D9F95F8CE6F741D47F33BDE6EF73A
5828 | hitpaw-video-enhancer.exe | C:\Users\admin\AppData\Local\Temp\hitpawvideoenhancer_hitpawnet\hitpawvideoenhancer_hitpawnet_3.6.0.exe.xml | text
  MD5: 638A3E6C1075C811867A7C244AB70426
  SHA256: 442B4559933D0704FEE06534BD84DC32BB3398CEF7A2FB3E70358FD7A23B74AC
3076 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\93u99co2.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\prefs.js | text
  MD5: D64C84EDCE9E97AA650F617724B04002
  SHA256: 250A7A643430046D28C6D57A8EA51619F70FD7CD5CA6FA6B0430264087504819
5828 | hitpaw-video-enhancer.exe | C:\Users\admin\AppData\Local\Temp\hitpawvideoenhancer_hitpawnet\galog.json | binary
  MD5: 91B8FDC2C8DED9B3EDE3373A107A443B
  SHA256: F1CFF614834AB991DEBB4EAEC6BF39671991139770F1957B9632214E56AADDB5
HTTP(S) requests: 111
TCP/UDP connections: 74
DNS requests: 15
Threats: 9

HTTP requests

Method | HTTP Code | IP | URL | CN | Reputation
GET | 301 | 104.17.207.155:80 | http://www.tenorshare.com/downloads/service/softwarelog.txt | unknown | whitelisted
GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
POST | 204 | 142.250.185.78:443 | https://www.google-analytics.com/g/collect?v=2&cid=26B799FA5254000AAE2B&tid=G-74YD6GC3VL&ep.ts_productname=Downloader&ep.ts_productversion=2.7.20.1&ep.ts_category=CrashRate&ep.ts_action=Start&ep.ts_label=&en=Start&ep.cd1=2.7.20.1&ep.cd2=PPC&ep.cd3=HitPawNet&ep.cd4=HitPaw%20Video%20Enhancer&ep.cd5=United%20States&ep.cd6=English&ep.cd7=Windows%2010%2064bit&ep.cd8=1 | unknown | -
GET | 200 | 23.48.23.194:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
GET | 200 | 208.95.112.1:80 | http://ip-api.com/csv | unknown | shared
GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
HEAD | 200 | 104.18.27.3:443 | https://download.hitpaw.net/downloads/extra/hitpawvideoenhancer_hitpawnet.exe | unknown | -
POST | 204 | 142.250.185.78:443 | https://www.google-analytics.com/g/collect?v=2&cid=26B799FA5254000AAE2B&tid=G-74YD6GC3VL&ep.ts_productname=Downloader&ep.ts_productversion=2.7.20.1&ep.ts_category=PC&ep.ts_action=SysOS&ep.ts_label=Windows%2010%2064bit&en=SysOS&ep.cd1=2.7.20.1&ep.cd2=PPC&ep.cd3=HitPawNet&ep.cd4=HitPaw%20Video%20Enhancer&ep.cd5=United%20States&ep.cd6=English&ep.cd7=Windows%2010%2064bit&ep.cd8=1 | unknown | -
GET | - | 104.18.26.3:443 | https://download.hitpaw.net/downloads/extra/hitpawvideoenhancer_hitpawnet.exe | unknown | -

Connections

IP | Domain | ASN | CN | Reputation
51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
192.168.100.255:137 | - | - | - | whitelisted
92.123.104.47:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
92.123.104.53:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
192.168.100.255:138 | - | - | - | whitelisted
104.17.207.155:80 | www.tenorshare.com | CLOUDFLARENET | - | whitelisted
104.18.25.249:443 | update.tenorshare.com | CLOUDFLARENET | - | suspicious
104.17.207.155:443 | www.tenorshare.com | CLOUDFLARENET | - | whitelisted
23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
23.48.23.194:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 20.73.194.208, 40.127.240.158 | whitelisted
www.bing.com | 92.123.104.47, 92.123.104.53, 92.123.104.39, 92.123.104.56, 92.123.104.51, 92.123.104.42, 92.123.104.52, 92.123.104.45, 92.123.104.55 | whitelisted
google.com | 142.250.185.238 | whitelisted
www.tenorshare.com | 104.17.207.155, 104.17.192.141 | whitelisted
update.tenorshare.com | 104.18.25.249, 104.18.24.249 | unknown
crl.microsoft.com | 23.48.23.143, 23.48.23.145, 23.48.23.180, 23.48.23.156, 23.48.23.194 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
ip-api.com | 208.95.112.1 | shared
www.google-analytics.com | 142.250.186.46 | whitelisted
analytics.afirstsoft.cn | 104.18.2.37, 104.18.3.37 | unknown

Threats

Class | Message
Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
Device Retrieving External IP Address Detected | INFO [ANY.RUN] External IP Check (ip-api .com)
Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0
Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com
3 ETPRO signatures available at the full report
No debug info