File name: tinytask_setup.exe

Full analysis: https://app.any.run/tasks/d683c0c0-f005-4f06-98ec-a3f9ac34ba6a
Verdict: Malicious activity
Analysis date: June 17, 2024, 01:29:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: AC850015C9BCC969B233ED430EF41866
SHA1: 4DCF88C3A4EAF3AE019DF56A8258030E06FC64BD
SHA256: EFA29A2024460F1DF66ADB96968F0515A910ED91429059101C0285BB1BED86BC
SSDEEP: 12288:Ps7zXzdt9kVVVVVVVVn7PuHr+HhTsjIYAy8NuT16STbJ3lZFf:P4zjdX3+HhTsjIYX8uT1PbdlZ1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • tinytask_setup.exe (PID: 3968)
      • TinyTaskPortable.exe (PID: 1020)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • tinytask_setup.exe (PID: 3968)
      • TinyTaskPortable.exe (PID: 1020)
    • Executable content was dropped or overwritten

      • tinytask_setup.exe (PID: 3968)
      • TinyTaskPortable.exe (PID: 1020)
    • Creates file in the systems drive root

      • tinytask_setup.exe (PID: 3968)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • tinytask_setup.exe (PID: 3968)
      • TinyTaskPortable.exe (PID: 1020)
  • INFO

    • Reads the computer name

      • tinytask_setup.exe (PID: 3968)
      • TinyTaskPortable.exe (PID: 1020)
    • Create files in a temporary directory

      • tinytask_setup.exe (PID: 3968)
      • TinyTaskPortable.exe (PID: 1020)
    • Checks supported languages

      • TinyTaskPortable.exe (PID: 1020)
      • tinytask.exe (PID: 752)
      • tinytask_setup.exe (PID: 3968)
    • Manual execution by a user

      • TinyTaskPortable.exe (PID: 1020)
    • Reads the machine GUID from the registry

      • TinyTaskPortable.exe (PID: 1020)
      • tinytask_setup.exe (PID: 3968)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:01+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 428544
UninitializedDataSize: 16384
EntryPoint: 0x34a5
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.77.0.0
ProductVersionNumber: 1.77.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
Comments: For additional details, visit PortableApps.com
CompanyName: PortableApps.com
FileDescription: TinyTask Portable
FileVersion: 1.77.0.0
InternalName: TinyTask Portable
LegalCopyright: 2007-2019 PortableApps.com, PortableApps.com Installer 3.5.14.0
LegalTrademarks: PortableApps.com is a registered trademark of Rare Ideas, LLC.
OriginalFileName: TinyTaskPortable_1.77_English.paf.exe
PortableAppscomAppID: TinyTaskPortable
PortableAppscomFormatVersion: 3.5.14
PortableAppscomInstallerVersion: 3.5.14.0
ProductName: TinyTask Portable
ProductVersion: 1.77.0.0
No data.
Total processes: 36
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 1

Behavior graph

[Behavior graph nodes: tinytask_setup.exe, tinytaskportable.exe, tinytask.exe (no specs)]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 752
CMD: "C:\Users\admin\Desktop\TinyTaskPortable\App\TinyTask\tinytask.exe"
Path: C:\Users\admin\Desktop\TinyTaskPortable\App\TinyTask\tinytask.exe
Parent process: TinyTaskPortable.exe
User: admin
Integrity Level: MEDIUM
Description: www.tinytask.net
Version: 1, 77, 0, 0
Modules
Images
c:\users\admin\desktop\tinytaskportable\app\tinytask\tinytask.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1020
CMD: "C:\Users\admin\Desktop\TinyTaskPortable\TinyTaskPortable.exe"
Path: C:\Users\admin\Desktop\TinyTaskPortable\TinyTaskPortable.exe
Parent process: explorer.exe
User: admin
Company: PortableApps.com
Integrity Level: MEDIUM
Description: TinyTask Portable (PortableApps.com Launcher)
Version: 2.2.1.0
Modules
Images
c:\users\admin\desktop\tinytaskportable\tinytaskportable.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 3968
CMD: "C:\Users\admin\AppData\Local\Temp\tinytask_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\tinytask_setup.exe
Parent process: explorer.exe
User: admin
Company: PortableApps.com
Integrity Level: MEDIUM
Description: TinyTask Portable
Exit code: 0
Version: 1.77.0.0
Modules
Images
c:\users\admin\appdata\local\temp\tinytask_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
Total events: 4 611
Read events: 4 597
Write events: 14
Delete events: 0

Modification events

(PID) Process: (3968) tinytask_setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3968) tinytask_setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-2
Value: Access the computers and devices that are on your network.

(PID) Process: (3968) tinytask_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: link
Value: 15000000

(PID) Process: (3968) tinytask_setup.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: @%CommonProgramFiles%\system\wab32res.dll,-10200
Value: Contains Contact files.

(PID) Process: (3968) tinytask_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Width
Value: 318

(PID) Process: (3968) tinytask_setup.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: Browse For Folder Height
Value: 288

Executable files: 8
Suspicious files: 2
Text files: 27
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3968 | tinytask_setup.exe | C:\Users\admin\Desktop\TinyTaskPortable\App\readme.txt | text
MD5:27FE7240527AC2B313533ADE469045CB
SHA256:E09B2AB9DFD9AF3BAD96045EEE9F55B4638BA1BBD457DCF848DD8743DCD417AF
3968 | tinytask_setup.exe | C:\Users\admin\Desktop\TinyTaskPortable\help.html | html
MD5:940E7BFF53EFEEAEC76BFF888931AA65
SHA256:09BCA8EDAD11B408FFAC3629C4B53541C96141B4624981FAB28456BF9339E9E1
3968 | tinytask_setup.exe | C:\Users\admin\AppData\Local\Temp\nss23D8.tmp\w7tbp.dll | executable
MD5:9A3031CC4CEF0DBA236A28EECDF0AFB5
SHA256:53BB519E3293164947AC7CBD7E612F637D77A7B863E3534BA1A7E39B350D3C00
3968 | tinytask_setup.exe | C:\Users\admin\AppData\Local\Temp\nss23D8.tmp\nsDialogs.dll | executable
MD5:466179E1C8EE8A1FF5E4427DBB6C4A01
SHA256:1E40211AF65923C2F4FD02CE021458A7745D28E2F383835E3015E96575632172
3968 | tinytask_setup.exe | C:\Users\admin\Desktop\TinyTaskPortable\App\AppInfo\appinfo.ini | text
MD5:39D3BC82F7AF21B8CADA1E16871E4695
SHA256:2141DF32FBAFA67FFEE2A35C2F19941932BED99D83FF989E998D0793674B024A
3968 | tinytask_setup.exe | C:\Users\admin\Desktop\TinyTaskPortable\TinyTaskPortable.exe | executable
MD5:B8B00F624C0058FB0A2672C0CAB17EBD
SHA256:B8BA1561102FB11648FF0DF3690BB9A337E6FCB2F92C4FD59ABB115A21408F3A
3968 | tinytask_setup.exe | C:\Users\admin\Desktop\TinyTaskPortable\App\AppInfo\appicon_75.png | image
MD5:018D8FBD77014C0D59E18B5F62D39B41
SHA256:0F3A5C43275645427140903D7503CD5F6124568B177998755D51589D26326207
3968 | tinytask_setup.exe | C:\Users\admin\Desktop\TinyTaskPortable\App\AppInfo\pac_installer_log.ini | text
MD5:30EC9839A9AC8B55D57A02731222B182
SHA256:95C24D7C065CB905178ECC1BB523A496A3A74A89857A21463931C15C235D41DF
3968 | tinytask_setup.exe | C:\Users\admin\AppData\Local\Temp\nss23D8.tmp\modern-wizard.bmp | image
MD5:4DF53EFCAA2C52F39618B2AAD77BB552
SHA256:EE13539F3D66CC0592942EA1A4C35D8FD9AF67B1A7F272D0D791931E6E9CE4EB
3968 | tinytask_setup.exe | C:\Users\admin\Desktop\TinyTaskPortable\App\AppInfo\Launcher\TinyTaskPortable.ini | text
MD5:F5CB2D1189D796C1283FE42024B5DD82
SHA256:AF1374561298934A449DD7D3DDB460A6D7EAFA12E449A544306535E0F931A65E
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info