File name: Automatic Mouse and Keyboard 6.1.7.4.zip
Full analysis: https://app.any.run/tasks/ff4d3201-54ac-4f7a-9f16-1a46be1ce3b1
Verdict: Suspicious activity
Analysis date: July 07, 2020, 06:53:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 8E018A3207ED523A43DA8208B800D59F
SHA1: 392E9ECED1A18AFA976781B9F93BAA6D7B9C702D
SHA256: 6CB98257284233F85A6ED49FA9FFA0BD6AC3706A18200D6573311143CF12C432
SSDEEP: 12288:/BruvaV7R0s8sDVL7B4zXeye4C8OuegaR6QvMs1WmX3QsEXOcHEhyapVaFsRo:/BruCBRAsRNUPBOuegacQ0sAoQ3XOcHX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Automatic Mouse and Keyboard 6.1.7.4.exe (PID: 3456)
      • Automatic Mouse and Keyboard 6.1.7.4.exe (PID: 3852)
      • sihost.exe (PID: 3420)
    • Uses Task Scheduler to run other applications

      • sihost.exe (PID: 3420)
    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 348)
      • schtasks.exe (PID: 1840)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Automatic Mouse and Keyboard 6.1.7.4.exe (PID: 3456)
      • WinRAR.exe (PID: 1340)
      • Automatic Mouse and Keyboard 6.1.7.4.exe (PID: 3852)
      • 7za.exe (PID: 2484)
      • Automatic Mouse and Keyboard 6.1.7.4.tmp (PID: 764)
    • Reads Windows owner or organization settings

      • Automatic Mouse and Keyboard 6.1.7.4.tmp (PID: 764)
    • Reads the Windows organization settings

      • Automatic Mouse and Keyboard 6.1.7.4.tmp (PID: 764)
    • Creates files in the user directory

      • Automatic Mouse and Keyboard 6.1.7.4.tmp (PID: 764)
      • sihost.exe (PID: 3420)
    • Executed via COM

      • explorer.exe (PID: 2716)
  • INFO

    • Manual execution by user

      • Automatic Mouse and Keyboard 6.1.7.4.exe (PID: 3456)
    • Application was dropped or rewritten from another process

      • Automatic Mouse and Keyboard 6.1.7.4.tmp (PID: 2232)
      • 7za.exe (PID: 3948)
      • Automatic Mouse and Keyboard 6.1.7.4.tmp (PID: 764)
      • 7za.exe (PID: 760)
      • 7za.exe (PID: 2484)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2020:07:07 09:49:16
ZipCRC: 0x56f2bace
ZipCompressedSize: 684579
ZipUncompressedSize: 758438
ZipFileName: Automatic Mouse and Keyboard 6.1.7.4.exe
No data.
All screenshots are available in the full report
Total processes: 57
Monitored processes: 14
Malicious processes: 3
Suspicious processes: 2

Behavior graph

(Process graph rendered in the full report; nodes as listed, linked by "start" and "drop and start" edges: winrar.exe, automatic mouse and keyboard 6.1.7.4.exe, automatic mouse and keyboard 6.1.7.4.tmp (no specs), automatic mouse and keyboard 6.1.7.4.exe, automatic mouse and keyboard 6.1.7.4.tmp, 7za.exe (no specs), 7za.exe, 7za.exe (no specs), sihost.exe (no specs), schtasks.exe (no specs), schtasks.exe (no specs), explorer.exe (no specs), explorer.exe (no specs), notepad.exe (no specs))

Process information

(Columns: PID, CMD, Path, Indicators, Parent process)

PID: 348
CMD: "C:\Windows\system32\schtasks.exe" /Delete /tn "Microsoft\Windows\Windows Error Reporting\SysInfo" /f
Path: C:\Windows\system32\schtasks.exe
Parent process: sihost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Manages scheduled tasks
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

PID: 760
CMD: "C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\7za.exe" x "C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\misc.res" -p"b1lig@n_vl"
Path: C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\7za.exe
Parent process: Automatic Mouse and Keyboard 6.1.7.4.tmp
User: admin
Company: Igor Pavlov
Integrity Level: HIGH
Description: 7-Zip Standalone Console
Exit code: 0
Version: 4.65
Modules
Images
c:\users\admin\appdata\local\temp\is-l9et7.tmp\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 764
CMD: "C:\Users\admin\AppData\Local\Temp\is-K9AKV.tmp\Automatic Mouse and Keyboard 6.1.7.4.tmp" /SL5="$5015E,368446,121344,C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4.exe" /SPAWNWND=$60130 /NOTIFYWND=$3012C
Path: C:\Users\admin\AppData\Local\Temp\is-K9AKV.tmp\Automatic Mouse and Keyboard 6.1.7.4.tmp
Parent process: Automatic Mouse and Keyboard 6.1.7.4.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-k9akv.tmp\automatic mouse and keyboard 6.1.7.4.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 1340
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 1840
CMD: "C:\Windows\system32\schtasks.exe" /Create /f /XML "C:\Users\admin\AppData\Roaming\SysHost\data.xml" /tn "Microsoft\Windows\Windows Error Reporting\SysInfo"
Path: C:\Windows\system32\schtasks.exe
Parent process: sihost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Manages scheduled tasks
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

PID: 2232
CMD: "C:\Users\admin\AppData\Local\Temp\is-A802F.tmp\Automatic Mouse and Keyboard 6.1.7.4.tmp" /SL5="$3012C,368446,121344,C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-A802F.tmp\Automatic Mouse and Keyboard 6.1.7.4.tmp
Parent process: Automatic Mouse and Keyboard 6.1.7.4.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-a802f.tmp\automatic mouse and keyboard 6.1.7.4.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 2324
CMD: "explorer.exe" "C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4"
Path: C:\Windows\explorer.exe
Parent process: Automatic Mouse and Keyboard 6.1.7.4.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 2344
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4\license.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 2484
CMD: "C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\7za.exe" x "C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\form.res" -p"b1lig@n_vl"
Path: C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\7za.exe
Parent process: Automatic Mouse and Keyboard 6.1.7.4.tmp
User: admin
Company: Igor Pavlov
Integrity Level: HIGH
Description: 7-Zip Standalone Console
Exit code: 0
Version: 4.65
Modules
Images
c:\users\admin\appdata\local\temp\is-l9et7.tmp\7za.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll

PID: 2716
CMD: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 1 240
Read events: 1 100
Write events: 140
Delete events: 0

Modification events

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-1
Value: Network

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4.zip

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1340) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\Desktop
Executable files: 6
Suspicious files: 3
Text files: 5
Unknown types: 0

Dropped files

PID: 764
Process: Automatic Mouse and Keyboard 6.1.7.4.tmp
Filename: C:\Users\admin\AppData\Local\Temp\{F015882E-6B3A-4FD0-B28D-C4B1901C2B93}\is-D834E.tmp
Type:
MD5:
SHA256:

PID: 764
Process: Automatic Mouse and Keyboard 6.1.7.4.tmp
Filename: C:\Users\admin\AppData\Local\Temp\{F015882E-6B3A-4FD0-B28D-C4B1901C2B93}\license.txt
Type:
MD5:
SHA256:

PID: 3420
Process: sihost.exe
Filename: C:\Users\admin\AppData\Roaming\SysHost\data.xml
Type:
MD5:
SHA256:

PID: 764
Process: Automatic Mouse and Keyboard 6.1.7.4.tmp
Filename: C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4\license.txt
Type: text
MD5:
SHA256:

PID: 764
Process: Automatic Mouse and Keyboard 6.1.7.4.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\form.res
Type: compressed
MD5:
SHA256:

PID: 1340
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Automatic Mouse and Keyboard 6.1.7.4.exe
Type: executable
MD5:
SHA256:

PID: 2484
Process: 7za.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\form.exe
Type: executable
MD5:
SHA256:

PID: 3852
Process: Automatic Mouse and Keyboard 6.1.7.4.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-K9AKV.tmp\Automatic Mouse and Keyboard 6.1.7.4.tmp
Type: executable
MD5: 34ACC2BDB45A9C436181426828C4CB49
SHA256: 9C81817ACD4982632D8C7F1DF3898FCA1477577738184265D735F49FC5480F07

PID: 764
Process: Automatic Mouse and Keyboard 6.1.7.4.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-L9ET7.tmp\7za.exe
Type: executable
MD5: E92604E043F51C604B6D1AC3BCD3A202
SHA256: FA252E501332B7486A972E7E471CF6915DAA681AF35C6AA102213921093EB2A3

PID: 764
Process: Automatic Mouse and Keyboard 6.1.7.4.tmp
Filename: C:\Users\admin\AppData\Roaming\SysHost\sihost.exe
Type: executable
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 4
DNS requests: 2
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
764 | Automatic Mouse and Keyboard 6.1.7.4.tmp | POST | 200 | 172.217.20.78:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted
764 | Automatic Mouse and Keyboard 6.1.7.4.tmp | GET | 403 | 104.28.31.200:80 | http://avkit.org/home/getchannel | US | html | 9.81 Kb | malicious
764 | Automatic Mouse and Keyboard 6.1.7.4.tmp | GET | 403 | 104.28.31.200:80 | http://avkit.org/home/getchannel | US | html | 9.77 Kb | malicious
764 | Automatic Mouse and Keyboard 6.1.7.4.tmp | GET | 403 | 104.28.31.200:80 | http://avkit.org/home/getchannel | US | html | 9.76 Kb | malicious
764 | Automatic Mouse and Keyboard 6.1.7.4.tmp | POST | 200 | 172.217.20.78:80 | http://www.google-analytics.com/collect | US | image | 35 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
764 | Automatic Mouse and Keyboard 6.1.7.4.tmp | 172.217.20.78:80 | www.google-analytics.com | Google Inc. | US | whitelisted
764 | Automatic Mouse and Keyboard 6.1.7.4.tmp | 104.28.31.200:80 | avkit.org | Cloudflare Inc | US | shared

DNS requests

Domain | IP | Reputation
www.google-analytics.com | 172.217.20.78 | whitelisted
avkit.org | 104.28.31.200 | malicious

Threats

No threats detected
No debug info