File name: tinytask (6).exe

Full analysis: https://app.any.run/tasks/f1749d4f-9b0a-4f3b-a9c5-7905620ef620
Verdict: Malicious activity
Analysis date: June 18, 2024, 08:08:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 8FD3551654F0F5281DDBD7E32CB73054
SHA1: 9B1C9722847CD57CD11E4DE80CD9E8197C3C34CD
SHA256: 75E06AC5B7C1ADB01AB994633466685E3DCEF31D635EBA1734FE16C7893FFE12
SSDEEP: 768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW0:5zGzd0wXlVwv0SgNQXoeAW0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • tinytask (6).exe (PID: 3976)
  • SUSPICIOUS
    • Reads settings of System Certificates
      • filezilla.exe (PID: 2104)
  • INFO
    • Checks supported languages
      • tinytask (6).exe (PID: 3976)
      • filezilla.exe (PID: 2104)
    • Creates files or folders in the user directory
      • filezilla.exe (PID: 2104)
    • Manual execution by a user
      • filezilla.exe (PID: 2104)
    • Reads the machine GUID from the registry
      • filezilla.exe (PID: 2104)
    • Reads the computer name
      • filezilla.exe (PID: 2104)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (42.6)
.exe | Clipper DOS Executable (19.1)
.exe | Generic Win/DOS Executable (18.9)
.exe | DOS Executable Generic (18.9)
.vxd | VXD Driver (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:11:04 10:40:02+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 14336
InitializedDataSize: 23040
UninitializedDataSize: -
EntryPoint: 0x4680
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.77.0.0
ProductVersionNumber: 1.77.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: www.tinytask.net
CompanyName: -
FileDescription: www.tinytask.net
FileVersion: 1, 77, 0, 0
InternalName: -
LegalCopyright: Copyright (c) 2019. All Rights Reserved.
LegalTrademarks: -
OriginalFileName: TinyTask.exe
PrivateBuild: -
ProductName: TinyTask
ProductVersion: 1, 77, 0, 0
SpecialBuild: -
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Behavior graph

start: tinytask (6).exe (no specs); PhotoViewer.dll (no specs); filezilla.exe (no specs)

Process information

PID: 2104
CMD: "C:\Program Files\FileZilla FTP Client\filezilla.exe"
Path: C:\Program Files\FileZilla FTP Client\filezilla.exe
Indicators: -
Parent process: explorer.exe
User: admin
Company: FileZilla Project
Integrity Level: MEDIUM
Description: FileZilla FTP Client
Exit code: 0
Version: 3, 65, 0, 0
Modules (images):
  c:\program files\filezilla ftp client\filezilla.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\filezilla ftp client\libfzclient-commonui-private-3-65-0.dll
  c:\program files\filezilla ftp client\libfzclient-private-3-65-0.dll
  c:\program files\filezilla ftp client\libfilezilla-40.dll
  c:\program files\filezilla ftp client\libgmp-10.dll
  c:\windows\system32\msvcrt.dll
  c:\program files\filezilla ftp client\libgcc_s_dw2-1.dll

PID: 3976
CMD: "C:\Users\admin\AppData\Local\Temp\tinytask (6).exe"
Path: C:\Users\admin\AppData\Local\Temp\tinytask (6).exe
Indicators: -
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: www.tinytask.net
Version: 1, 77, 0, 0
Modules (images):
  c:\users\admin\appdata\local\temp\tinytask (6).exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID: 4004
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\System32\dllhost.exe
Indicators: -
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\dllhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
Total events: 4 318
Read events: 4 316
Write events: 2
Delete events: 0

Modification events

(PID) Process: (4004) dllhost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: DllHost.exe

(PID) Process: (4004) dllhost.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer
Operation: write
Name: MainWndPos
Value: 6000000034000000A00400008002000001000000
Executable files: 0
Suspicious files: 0
Text files: 28
Unknown types: 0

Dropped files

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
Type: xml
MD5: 2C67357412FE5428D2EB67E2178925FA
SHA256: 6E8BEE236C7BB6E2CD249AF7449B0F08AFCEBEBE4140CF818750E4489D570B69

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Roaming\FileZilla\layout.xml~
Type: xml
MD5: 2C67357412FE5428D2EB67E2178925FA
SHA256: 6E8BEE236C7BB6E2CD249AF7449B0F08AFCEBEBE4140CF818750E4489D570B69

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_cancel20x20.png
Type: image
MD5: 6BE7EED3137A96DACD17950450172DA7
SHA256: 16DE9E9B70D7972B3A23116EA4D32E3E6F289A2B1516B5D8CE66883680CCF6FD

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_synchronize20x20.png
Type: image
MD5: 18A1FD4D78B7875FF7A41FACDDEBABD5
SHA256: 51ECA3CFC0917F0CB8B439AE7BF55525924A9E12083A078D8C9422B1B0B2CE47

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_remotetreeview20x20.png
Type: image
MD5: 6C92B93B3D359862261CA013F82A67B9
SHA256: C9FB39828A6523088FACF944E2DA8BB2844D902C23BF37CBD9A855B316E507D6

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_refresh20x20.png
Type: image
MD5: 4200F34DDE6326197C308F620DE40E17
SHA256: 81FAD4C1D3BB7678FCD32B29DCF113B4AB869653C4A31EDEF61EC560CFD1D5B5

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_reconnect20x20.png
Type: image
MD5: 0AFE55D6CF1766E96B09E7CA9A663FF5
SHA256: 4911B7816BD68BE298B77F97B9042643A1353826ED74A98B4B1549A225370D9A

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_processqueue20x20.png
Type: image
MD5: 8981536CE9B6CA800D4AA3E1531F5E18
SHA256: FDF9033E11E9A2573320A4012154D4014AD288C3F6528079F22379566BE75D55

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_disconnect20x20.png
Type: image
MD5: 83A9C5C3B1F35ED0831BF7DDD4C770B9
SHA256: B8AE6364C0E09631E8585ECC9CCBD18FC4A34AA5E46C3C5F7B9B94D0B02470A4

PID: 2104 | Process: filezilla.exe
Filename: C:\Users\admin\AppData\Local\FileZilla\default_find20x20.png
Type: image
MD5: 3CC73AF5D633F172A9D7081B5D97E440
SHA256: 9BD6DBC93CB0EAF8628D176F2E92A47DE39D1E76FF89D71E20A0ADFCDE91CEF0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP                    Domain  ASN  CN  Reputation
4     System       192.168.100.255:138   -       -    -   whitelisted
4     System       192.168.100.255:137   -       -    -   whitelisted
1088  svchost.exe  224.0.0.252:5355      -       -    -   unknown

DNS requests

No data

Threats

No threats detected
No debug info