File name:

ToxidPP.rar

Full analysis: https://app.any.run/tasks/7a72f412-7a0b-42be-98d6-5a2baa35d73d
Verdict: Malicious activity
Analysis date: March 14, 2022, 04:10:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

0F0060E989FB469D48ABF9C9C11F154B

SHA1:

61A162E4FB461FF60281EED0A22BE0275CB1DEDC

SHA256:

FC45A9D72BA77DBC1066743790A71687F51E84652B6B573502D00FC63292C539

SSDEEP:

6144:eL9EcXS3dp2W+G8KY2RF5GASUP/uUtBLQRW5RknRfB3W6yX8sj8BLRekYBNdiRWz:eL99Ctp21KxrsAjioknJhDe8BLRk3uWz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 2232)
      • ToxidPP.exe (PID: 2252)

    • Application was dropped or rewritten from another process

      • ToxidPP.exe (PID: 1148)
      • ToxidPP.exe (PID: 2252)

  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 1324)
      • ToxidPP.exe (PID: 2252)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1324)

    • Reads the computer name

      • WinRAR.exe (PID: 1324)
      • ToxidPP.exe (PID: 2252)

    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 1324)

    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 1324)

  • INFO

    • Manual execution by user

      • ToxidPP.exe (PID: 1148)
      • ToxidPP.exe (PID: 2252)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
4
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe searchprotocolhost.exe no specs toxidpp.exe no specs toxidpp.exe

Process information

PID
CMD
Path
Indicators
Parent process
1148"C:\Users\admin\Desktop\ToxidPP\ToxidPP.exe" C:\Users\admin\Desktop\ToxidPP\ToxidPP.exeExplorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
ToxidPP
Exit code:
3221226540
Version:
1.0.0.0
1324"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\ToxidPP.rar"C:\Program Files\WinRAR\WinRAR.exe
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
2232"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\system32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
2252"C:\Users\admin\Desktop\ToxidPP\ToxidPP.exe" C:\Users\admin\Desktop\ToxidPP\ToxidPP.exe
Explorer.EXE
User:
admin
Integrity Level:
HIGH
Description:
ToxidPP
Exit code:
0
Version:
1.0.0.0
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
3
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
1324WinRAR.exeC:\Users\admin\Desktop\ToxidPP\ToxidPP.exeexecutable
MD5:DFC559E2A5994DBCB4CCFE080FC28CAF
SHA256:9DBAB7AF2FC3FEB7CF356F055A67469212655ED65613FA854AF16BF4DAEDA244
1324WinRAR.exeC:\Users\admin\Desktop\ToxidPP\DiscordRPC.dllexecutable
MD5:AD463F573775C43A561ADE842C41B0E8
SHA256:6A18DFC8BDC6030787B5814C76B8663DBE5B8CA469BEB65A2CA9F5731FA1906F
1324WinRAR.exeC:\Users\admin\Desktop\ToxidPP\DiscordRPC.xmlxml
MD5:07DCEB643B73DD3B700DCF82E1D6663A
SHA256:24FC42B9582988ED65E5F003AA8E44358691A58F5DB6A0E8821560C0FE9B2EE4
1324WinRAR.exeC:\Users\admin\Desktop\ToxidPP\Newtonsoft.Json.dllexecutable
MD5:4DF6C8781E70C3A4912B5BE796E6D337
SHA256:3598CCCAD5B535FEA6F93662107A4183BFD6167BF1D0F80260436093EDC2E3AF
1324WinRAR.exeC:\Users\admin\Desktop\ToxidPP\Newtonsoft.Json.xmlxml
MD5:ED67AC96769018255050AC0829CA459A
SHA256:F32ED922FE5B22DD693E160AEE4F0DCAB753EBD740BED40490AE4179274B4B49
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
ToxidPP.rar