analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

PCToaster.bin.zip

Full analysis: https://app.any.run/tasks/335d842a-ad3a-42dd-92ca-810086fafeac
Verdict: Malicious activity
Analysis date: July 12, 2020, 14:25:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

777B743BF77996D93708078516BCBFB0

SHA1:

D4B84EF7349E01DD89DFF3B3C1EC611ADF159C66

SHA256:

598ADEE81BAA3D9A1E22F56037A64758E0BEF6C1D1AF7FEFDCA031DF8EA11C37

SSDEEP:

1536:0C5bWsBUBfMHMPJVlo8LSy0IwzIoAblEZB6rxw:0AUV0uO7BA5EZEW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • PCToaster.exe (PID: 4020)
      • PCToaster.exe (PID: 3412)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2060)

    • Executed as Windows Service

      • vds.exe (PID: 888)

    • Executed via COM

      • vdsldr.exe (PID: 2348)

    • Executes JAVA applets

      • PCToaster.exe (PID: 3412)

    • Uses ATTRIB.EXE to modify file attributes

      • javaw.exe (PID: 1184)

    • Low-level read access rights to disk partition

      • vds.exe (PID: 888)

    • Uses TASKKILL.EXE to kill process

      • javaw.exe (PID: 1184)

  • INFO

    • Manual execution by user

      • explorer.exe (PID: 2328)
      • PCToaster.exe (PID: 3412)
      • PCToaster.exe (PID: 4020)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: PCToaster.bin
ZipUncompressedSize: 421699
ZipCompressedSize: 62375
ZipCRC: 0xbb833465
ZipModifyDate: 2020:05:15 12:24:12
ZipCompression: Deflated
ZipBitFlag: 0x0001
ZipRequiredVersion: 788
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
115
Monitored processes
38
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe explorer.exe no specs pctoaster.exe no specs pctoaster.exe javaw.exe no specs attrib.exe no specs diskpart.exe no specs vdsldr.exe no specs vds.exe no specs takeown.exe no specs takeown.exe no specs taskkill.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs mountvol.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2060"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\PCToaster.bin.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
2328"C:\Windows\explorer.exe" C:\Windows\explorer.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
4020"C:\Users\admin\Desktop\PCToaster.exe" C:\Users\admin\Desktop\PCToaster.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
3412"C:\Users\admin\Desktop\PCToaster.exe" C:\Users\admin\Desktop\PCToaster.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
1184"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\Desktop\PCToaster.exe"C:\Program Files\Java\jre1.8.0_92\bin\javaw.exePCToaster.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
HIGH
Description:
Java(TM) Platform SE binary
Version:
8.0.920.14
3340attrib +h C:\Users\admin\Desktop\scr.txtC:\Windows\system32\attrib.exejavaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Attribute Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
2644diskpart /s C:\Users\admin\Desktop\scr.txtC:\Windows\system32\diskpart.exejavaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
DiskPart
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
2348C:\Windows\System32\vdsldr.exe -EmbeddingC:\Windows\System32\vdsldr.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Virtual Disk Service Loader
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
888C:\Windows\System32\vds.exeC:\Windows\System32\vds.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Virtual Disk Service
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3048takeown /f V:\Boot /rC:\Windows\system32\takeown.exejavaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Takes ownership of a file
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
386
Read events
364
Write events
0
Delete events
0

Modification events

No data
Executable files
1
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
1184javaw.exeC:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamptext
MD5:B2D09FCBE9D155869FC37D92781A751C
SHA256:9A0171028334CBE56D7F3060F14C5D004F995CDA26E2EB442B23F6324AE4AF84
1184javaw.exeC:\Users\admin\Desktop\scr.txttext
MD5:AD1869D6F0B2B809394605D3E73EEB74
SHA256:7E9CDE40095F2A877375CB30FECD4F64CF328E3AB11BAED5242F73CBB94BD394
2060WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2060.40203\PCToaster.binexecutable
MD5:04251A49A240DBF60975AC262FC6AEB7
SHA256:85A58AA96DCCD94316A34608BA996656A22C8158D5156B6E454D9D69E6FF38C3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
PCToaster.bin.zip