File name: micro-with-editor.exe
Full analysis: https://app.any.run/tasks/965e4ad1-d763-4c64-a38f-a238e8316001
Verdict: Malicious activity
Analysis date: June 17, 2024, 01:25:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F244D3D390171485D2D4DB91BCE83685
SHA1: 0BBAC7A006E514FC0AB4269D42DCC27230F648BC
SHA256: D4B8E6E32325BAA8739808A4E47E75F6C8E51DE0BD74B38F004ED8AF3463B3D0
SSDEEP: 98304:2jc0wgAOv+KLoISIK+UKgmtfjoUVViAtmSisoHosMpedKdWx8CVDi/C6dZf4eJCZ:pmC+G

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • micro-with-editor.exe (PID: 3968)
      • micro-with-editor.tmp (PID: 3984)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • micro-with-editor.exe (PID: 3968)
      • micro-with-editor.tmp (PID: 3984)
    • Reads the Windows owner or organization settings

      • micro-with-editor.tmp (PID: 3984)
    • Reads the Internet Settings

      • ReMouse.exe (PID: 4040)
  • INFO

    • Reads the computer name

      • micro-with-editor.tmp (PID: 3984)
      • ReMouse.exe (PID: 4040)
    • Checks supported languages

      • micro-with-editor.tmp (PID: 3984)
      • micro-with-editor.exe (PID: 3968)
      • ReMouse.exe (PID: 4040)
    • Creates files in a temporary directory

      • micro-with-editor.exe (PID: 3968)
      • ReMouse.exe (PID: 4040)
    • Creates files or folders in the user directory

      • micro-with-editor.tmp (PID: 3984)
    • Creates a software uninstall entry

      • micro-with-editor.tmp (PID: 3984)
    • Reads mouse settings

      • ReMouse.exe (PID: 4040)
    • Reads the machine GUID from the registry

      • ReMouse.exe (PID: 4040)
    • Manual execution by a user

      • WINWORD.EXE (PID: 316)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00 (the constant link timestamp written by older Delphi linkers, not a real build date; consistent with the Delphi/Inno Setup identification in the TRiD section)
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 41472
InitializedDataSize: 17920
UninitializedDataSize: -
EntryPoint: 0xaa98
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 5.3.1.0
ProductVersionNumber: 5.3.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: AutomaticSolution Software
FileDescription: ReMouse
FileVersion: ReMouse Micro V5.3.1
LegalCopyright: AutomaticSolution Software
ProductName: ReMouse Micro
ProductVersion: Micro V5.3.1
All screenshots are available in the full report
Total processes
37
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Process chain (from the parent-process column below): explorer.exe → micro-with-editor.exe (PID 3968) → micro-with-editor.tmp (PID 3984) → ReMouse.exe (PID 4040, no specific indicators). winword.exe (PID 316, no specific indicators) was started separately from explorer.exe.

Process information

PID | CMD | Path | Indicators | Parent process

PID 316 (parent: explorer.exe)
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\societyseason.rtf"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators: Manual execution by a user. Its parent is explorer.exe rather than the installer, so this Word session opening societyseason.rtf is sandbox-user activity outside the sample's process chain.
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Version:
14.0.6024.1000
Modules
Images
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
PID 3968 (parent: explorer.exe)
CMD: "C:\Users\admin\AppData\Local\Temp\micro-with-editor.exe"
Path: C:\Users\admin\AppData\Local\Temp\micro-with-editor.exe
User:
admin
Company:
AutomaticSolution Software
Integrity Level:
MEDIUM
Description:
ReMouse
Exit code:
0
Version:
ReMouse Micro V5.3.1
Modules
Images
c:\users\admin\appdata\local\temp\micro-with-editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID 3984 (parent: micro-with-editor.exe)
CMD: "C:\Users\admin\AppData\Local\Temp\is-IHAI4.tmp\micro-with-editor.tmp" /SL5="$20138,1983860,57856,C:\Users\admin\AppData\Local\Temp\micro-with-editor.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-IHAI4.tmp\micro-with-editor.tmp
This is the standard Inno Setup two-stage launch: the submitted .exe is the loader stub (TRiD identifies it as an Inno Setup installer), which extracts the real setup program to an is-XXXXX.tmp directory and hands it the loader's details through the /SL5 switch.
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.52.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ihai4.tmp\micro-with-editor.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID 4040 (parent: micro-with-editor.tmp)
CMD: "C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\ReMouse.exe"
Path: C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\ReMouse.exe
User:
admin
Integrity Level:
MEDIUM
Description:
ReMouse Micro
Version:
5.3.1
Modules
Images
c:\users\admin\appdata\roaming\automaticsolution software\remouse micro\remouse.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
Total events
12 256
Read events
11 715
Write events
223
Delete events
318

Modification events

PID 3984, micro-with-editor.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
  write Owner = 900F000092FA733055C0DA01
  write SessionHash = 33090FB0D886DA158A1068EE8D76BB97A4F96692F51AC6876D68D3B89B093A90
  write Sequence = 1
  write RegFiles0000 = C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\ReMouse.exe
  write RegFilesHash = E34F146A2E967FAA4ED6F00BEFE373D0FF28090BD250BD36226DB910327B6D89

PID 3984, micro-with-editor.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ReMouse Micro_is1
  write "Inno Setup: Setup Version" = 5.5.9 (a)
  write "Inno Setup: App Path" = C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro
  write InstallLocation = C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\
  write "Inno Setup: Icon Group" = ReMouse Micro
  write "Inno Setup: User" = admin

The first key is Restart Manager session state: the installer registers ReMouse.exe with the Restart Manager, which is how Inno Setup checks for running programs that hold files it is about to replace. The second is the uninstall entry. Both live under HKEY_CURRENT_USER and the install location is under %APPDATA%, consistent with a per-user install run at MEDIUM integrity without elevation.
Executable files
14
Suspicious files
10
Text files
10
Unknown types
1

Dropped files

PID | Process | Filename | Type | MD5 | SHA256

3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\is-99R2U.tmp | executable
  MD5: 6FC61A2907F2E39A1E450D7801ECAE43
  SHA256: 4E31D3155A3408805C91D1714BB45DE7847E77780BF3D91F3405FEB3EF9AC15B
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\is-7QI1D.tmp | executable
  MD5: FF79277DF5151CF5A8914A0E85866984
  SHA256: D4F17CF96337223071AE65E05D09DBDBABFFD98937DB353B16F62968BB16863D
3968 | micro-with-editor.exe | C:\Users\admin\AppData\Local\Temp\is-IHAI4.tmp\micro-with-editor.tmp | executable
  MD5: 832DAB307E54AA08F4B6CDD9B9720361
  SHA256: CC783A04CCBCA4EDD06564F8EC88FE5A15F1E3BB26CEC7DE5E090313520D98F3
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\unins000.exe | executable
  MD5: FF79277DF5151CF5A8914A0E85866984
  SHA256: D4F17CF96337223071AE65E05D09DBDBABFFD98937DB353B16F62968BB16863D
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\conf\rms_conf.ini | ini
  MD5: 826B36CD9EBE733894E65B65774FEC91
  SHA256: 2BF2D12963AD4C61DFFEF9449B624C06F0E340D51C427417585AC889F3A56792
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\ReMouseMode.exe | executable
  MD5: 6FC61A2907F2E39A1E450D7801ECAE43
  SHA256: 4E31D3155A3408805C91D1714BB45DE7847E77780BF3D91F3405FEB3EF9AC15B
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\is-H8AC4.tmp | executable
  MD5: 4C4C885168375B0DE7F92561976DB66B
  SHA256: 653DE0891EC62F39C0C6492FBF6F8F3466D7A1172937B0ABC189FDB0DD5CD97C
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\conf\is-TAMO8.tmp | ini
  MD5: 826B36CD9EBE733894E65B65774FEC91
  SHA256: 2BF2D12963AD4C61DFFEF9449B624C06F0E340D51C427417585AC889F3A56792
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\ReMouseEditor.exe | executable
  MD5: 4C4C885168375B0DE7F92561976DB66B
  SHA256: 653DE0891EC62F39C0C6492FBF6F8F3466D7A1172937B0ABC189FDB0DD5CD97C
3984 | micro-with-editor.tmp | C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro\ReMouse.exe | executable
  MD5: AA004CC64E97C12913CEBA65D79CA523
  SHA256: 9CB7A66939EB517A3196A9E1921DB1215D6D5299BF39B0E1A0BD68C1B81F3E78

Four SHA256 values appear twice, once under an is-XXXXX.tmp name and once under a final name: is-99R2U.tmp / ReMouseMode.exe, is-7QI1D.tmp / unins000.exe, is-H8AC4.tmp / ReMouseEditor.exe and conf\is-TAMO8.tmp / conf\rms_conf.ini. Inno Setup writes each payload file under a temporary is-XXXXX.tmp name and then renames it into place, so these pairs are the same artefacts recorded twice, leaving six distinct files. The only MALICIOUS-class indicator in this report, "Drops the executable file immediately after the start", is triggered by exactly these writes, which any Inno Setup installer performs.
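The two checks made by hand above (decoding the /SL5 switch in the PID 3984 command line, and pairing the is-XXXXX.tmp staging copies with their final names by hash) can be scripted. The following is an added example written for this page, not ANY.RUN or ReMouse code. The /SL5 field order, "$<hwnd hex>,<total size>,<offset0>,<loader path>", is taken from the Inno Setup loader source as the author of the example understands it and is an assumption of the example, not something the report states; the process names and paths are copied from the report.

```python
"""Triage helpers for the sandbox record above (added example, not ANY.RUN code).

1. parse_sl5()     decodes the /SL5= argument the Inno Setup loader (PID 3968)
                   passed to the extracted stage-2 binary (PID 3984);
2. staged_pairs()  groups the dropped files by SHA256 so the is-XXXXX.tmp
                   staging copies line up with the names they were renamed to.
The /SL5 field order "$<hwnd hex>,<total size>,<offset0>,<loader path>" is an
ASSUMPTION of this example (from the Inno Setup loader source as understood by
the example's author), not something stated in the report.
"""
import re
from collections import defaultdict

SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')

# Inno Setup staging-file name pattern (is-XXXXX.tmp as the final path component).
STAGING_RE = re.compile(r"\\is-[A-Z0-9]{5}\.tmp$", re.IGNORECASE)

# Command line of PID 3984, copied from the report.
CMDLINE_3984 = (
    r'"C:\Users\admin\AppData\Local\Temp\is-IHAI4.tmp\micro-with-editor.tmp" '
    r'/SL5="$20138,1983860,57856,C:\Users\admin\AppData\Local\Temp\micro-with-editor.exe"'
)

APP = r"C:\Users\admin\AppData\Roaming\AutomaticSolution Software\ReMouse Micro"
TMP = r"C:\Users\admin\AppData\Local\Temp"

# (PID, dropped path, SHA256) for every row of the "Dropped files" table above.
DROPPED = [
    (3984, APP + r"\is-99R2U.tmp", "4E31D3155A3408805C91D1714BB45DE7847E77780BF3D91F3405FEB3EF9AC15B"),
    (3984, APP + r"\is-7QI1D.tmp", "D4F17CF96337223071AE65E05D09DBDBABFFD98937DB353B16F62968BB16863D"),
    (3968, TMP + r"\is-IHAI4.tmp\micro-with-editor.tmp", "CC783A04CCBCA4EDD06564F8EC88FE5A15F1E3BB26CEC7DE5E090313520D98F3"),
    (3984, APP + r"\unins000.exe", "D4F17CF96337223071AE65E05D09DBDBABFFD98937DB353B16F62968BB16863D"),
    (3984, APP + r"\conf\rms_conf.ini", "2BF2D12963AD4C61DFFEF9449B624C06F0E340D51C427417585AC889F3A56792"),
    (3984, APP + r"\ReMouseMode.exe", "4E31D3155A3408805C91D1714BB45DE7847E77780BF3D91F3405FEB3EF9AC15B"),
    (3984, APP + r"\is-H8AC4.tmp", "653DE0891EC62F39C0C6492FBF6F8F3466D7A1172937B0ABC189FDB0DD5CD97C"),
    (3984, APP + r"\conf\is-TAMO8.tmp", "2BF2D12963AD4C61DFFEF9449B624C06F0E340D51C427417585AC889F3A56792"),
    (3984, APP + r"\ReMouseEditor.exe", "653DE0891EC62F39C0C6492FBF6F8F3466D7A1172937B0ABC189FDB0DD5CD97C"),
    (3984, APP + r"\ReMouse.exe", "9CB7A66939EB517A3196A9E1921DB1215D6D5299BF39B0E1A0BD68C1B81F3E78"),
]


def parse_sl5(cmdline):
    """Return the /SL5 fields as a dict, or None if this is not an Inno Setup stage-2 launch."""
    m = SL5_RE.search(cmdline)
    if m is None:
        return None
    hwnd_hex, total_size, offset0, loader_path = m.groups()
    return {
        "loader_hwnd": int(hwnd_hex, 16),  # window handle of the stage-1 loader
        "total_size": int(total_size),     # loader's TotalSize field (assumed meaning: expected setup .exe size)
        "offset0": int(offset0),           # assumed: offset of the embedded setup data in the loader
        "loader_path": loader_path,        # the stage-1 executable that spawned this .tmp
    }


def group_by_hash(rows):
    """Map each SHA256 (upper-cased) to every path that was written with that content."""
    by_hash = defaultdict(list)
    for _pid, path, sha256 in rows:
        by_hash[sha256.upper()].append(path)
    return dict(by_hash)


def staged_pairs(rows):
    """Return ([(staging_tmp, final_path), ...], {sha256: [paths]} for hashes with no pair).

    A hash seen under both an is-XXXXX.tmp name and a final name is one file that the
    installer wrote and then renamed, not two payloads.
    """
    pairs, unpaired = [], {}
    for sha256, paths in group_by_hash(rows).items():
        staging = [p for p in paths if STAGING_RE.search(p)]
        finals = [p for p in paths if not STAGING_RE.search(p)]
        if staging and finals:
            pairs.extend((s, f) for s in staging for f in finals)
        else:
            unpaired[sha256] = paths
    return pairs, unpaired


def main():
    info = parse_sl5(CMDLINE_3984)
    print("stage-2 launched by:", info["loader_path"])
    print("loader hwnd=0x%x total_size=%d offset0=%d" % (
        info["loader_hwnd"], info["total_size"], info["offset0"]))
    pairs, unpaired = staged_pairs(DROPPED)
    print("%d rows, %d distinct hashes" % (len(DROPPED), len(group_by_hash(DROPPED))))
    for staging, final in pairs:
        print("renamed:", staging.rsplit("\\", 1)[1], "->", final.rsplit("\\", 1)[1])
    for sha256, paths in unpaired.items():
        print("no staging pair:", sha256[:12], paths)


if __name__ == "__main__":
    main()
```

Run as-is, the script reports six distinct hashes for the ten rows and four staging/final pairs; the two unpaired hashes are the extracted stage-2 setup program (written by PID 3968) and ReMouse.exe, whose staging copy is not listed in the table. The same hash grouping is worth applying to any Inno Setup report before counting "dropped executables" as distinct payloads.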
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

All three are Windows background name-resolution traffic from system processes: NetBIOS name-service and datagram broadcasts to the local subnet (UDP 137 and 138) and an LLMNR multicast query (224.0.0.252:5355). None is attributed to any of the four monitored processes; ReMouse.exe (PID 4040) loads wsock32.dll and ws2_32.dll but made no connection during the recording.

DNS requests

No data

Threats

No threats detected
No debug info