URL:

https://tinytask.en.softonic.com/download

Full analysis: https://app.any.run/tasks/53a16ef2-717e-4dbf-a4a2-9e124d20f494
Verdict: Malicious activity
Analysis date: December 02, 2023, 04:00:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

91D201DBDE18CC37B505D5100C96102D

SHA1:

C41136EC0B4ACCF4AE1AF68B2451696EB2393CFA

SHA256:

2D773707E21252C6A0384FA438068089CE22E6700D97BBC728B7BEAA800E1D58

SSDEEP:

3:N8EFJDHLGKMM:2EFJLGKMM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 3176)

    • Reads the computer name

      • wmpnscfg.exe (PID: 3176)

    • Application launched itself

      • iexplore.exe (PID: 844)

    • Checks supported languages

      • wmpnscfg.exe (PID: 3176)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
844"C:\Program Files\Internet Explorer\iexplore.exe" "https://tinytask.en.softonic.com/download"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3176"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3816"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:844 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
Total events
25 652
Read events
25 548
Write events
100
Delete events
4

Modification events

(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000005A010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(844) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
0
Suspicious files
44
Text files
39
Unknown types
0

Dropped files

PID
Process
Filename
Type
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711Ebinary
MD5:376648C96DCB8163888D197C77E076A4
SHA256:FD1EFC6BE429FCF175B3AB84C5FBC539A06826121EC3D27E83625D208E3AB42C
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:D6ED2FB33E0C03573089E2197B65351F
SHA256:70EAA84CD7AA69A3AB255B5AEC5C1245605ADDBABE284242F013C81B86F8C3FD
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868binary
MD5:33EBA56481F2654982D82AE49B9A57C4
SHA256:AF2F15587B9C6D7E5C9E92C9E0A96E7529A096691C34F70AD9DA86FE9DDD8812
3816iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\bat[1].jstext
MD5:7F75F159026F3A2C8CCCDA487B43157B
SHA256:5E319852607809336B2534FFEB96F6933F26994DD040F535302C84F59CC0A214
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62binary
MD5:CBAD007BA4B513B398B86FA1F5050783
SHA256:2ED0E9DD4C43C68FE6CF183EC622B4D5157E982D52A7EA74A8F3210C84DA3806
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_7BCC9F440F7DCA972F9451E6CDDEA6D3binary
MD5:C8C8593DB0AF3C4886074FB9F7A5C45A
SHA256:1BEA390469B62F5EF01742535C19B77DE360BC8710392485045AF9FB33163640
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868binary
MD5:FD8F9807BD355CD565B287B9F332F2A9
SHA256:EAF24EBB5CD1859D7D590AA73F0D3D24ABB8A64E30F9DCF19E88C39DA12116B6
3816iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAbinary
MD5:9993D5F9E8CC93D4736AF8C7013DF9DD
SHA256:DD673719EC20D581D6F892B1707BC30AA684A9A1FB70DD157513A0F6079FC03B
3816iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\download[1].htmhtml
MD5:415BC35D04E51A5E55C9D960DAC443AD
SHA256:2F80F27B1D9EEFEC647533BF6B23FB2FD0D33C1FE3FB40E26C8A631061CA0A72
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
31
TCP/UDP connections
108
DNS requests
28
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3816
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?25fa4254fbf74a53
unknown
compressed
4.66 Kb
unknown
3816
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?64a1a5dfd935ecb5
unknown
compressed
4.66 Kb
unknown
3816
iexplore.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
binary
1.42 Kb
unknown
3816
iexplore.exe
GET
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?65a4258cae83253a
unknown
unknown
3816
iexplore.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBT8p55LRlX%2BveM4oDlzhIhnAZ%2Ft2wQUOgqMHHdZKeoW9pk%2Foxez3ykRkzoCEQCQJ%2Bb19PBVS7NIK3Ohd%2BXn
unknown
binary
472 b
unknown
3816
iexplore.exe
GET
200
18.66.142.79:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D
unknown
binary
1.39 Kb
unknown
3816
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?a9fb4b3e7ffac1f1
unknown
compressed
65.2 Kb
unknown
3816
iexplore.exe
GET
200
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f37de2934c8a2952
unknown
compressed
65.2 Kb
unknown
3816
iexplore.exe
GET
200
172.217.16.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
3816
iexplore.exe
GET
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?41bab9ed58ebae6b
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3816
iexplore.exe
35.227.233.104:443
tinytask.en.softonic.com
GOOGLE
US
unknown
3816
iexplore.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
4
System
192.168.100.255:138
whitelisted
3816
iexplore.exe
172.64.149.23:80
ocsp.comodoca.com
CLOUDFLARENET
US
unknown
2588
svchost.exe
239.255.255.250:1900
whitelisted
3816
iexplore.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
shared
3816
iexplore.exe
142.250.186.168:443
www.googletagmanager.com
GOOGLE
US
unknown
3816
iexplore.exe
13.32.99.124:443
sdk.privacy-center.org
AMAZON-02
US
unknown
3816
iexplore.exe
142.250.185.162:443
securepubads.g.doubleclick.net
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
tinytask.en.softonic.com
  • 35.227.233.104
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
sdk.privacy-center.org
  • 13.32.99.124
  • 13.32.99.123
  • 13.32.99.87
  • 13.32.99.11
shared
www.googletagmanager.com
  • 142.250.186.168
whitelisted
softonic.com
  • 35.227.233.104
whitelisted
securepubads.g.doubleclick.net
  • 142.250.185.162
whitelisted
sc.sftcdn.net
  • 151.101.1.91
  • 151.101.65.91
  • 151.101.129.91
  • 151.101.193.91
whitelisted
images.sftcdn.net
  • 104.102.38.56
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://tinytask.en.softonic.com/download