File name: Random Mouse Clicker by MurGee.com.zip

Full analysis: https://app.any.run/tasks/7dc947bb-5a6c-4568-850b-81ba15fe3965
Verdict: Malicious activity
Analysis date: October 23, 2023, 10:44:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: A0C825CA46C8681EB934A206E3CEF0B8
SHA1: 3FA0E8ACB5331D209EBF6AE9A32542E34279785D
SHA256: D6745D1DD00BB2E6C56E12325CEB812988448440726A4A146CB56A45E51D55FF
SSDEEP: 393216:2URDlpJF2GMJu9YZ42qEJRPkdbpiJmmw7F:dpJ/MJu9YZpJJRPIi3w7F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • vcredist2015_2017_2019_2022_x86.exe (PID: 1592)
      • vcredist2015_2017_2019_2022_x86.exe (PID: 3436)
      • msiexec.exe (PID: 316)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • vcredist2015_2017_2019_2022_x86.exe (PID: 3436)
      • explorer.exe (PID: 1400)
      • WinRAR.exe (PID: 3828)
      • vcredist2015_2017_2019_2022_x86.exe (PID: 1592)
      • msiexec.exe (PID: 316)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4000)
    • Starts itself from another location

      • vcredist2015_2017_2019_2022_x86.exe (PID: 1592)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 316)
  • INFO

    • Drops the executable file immediately after the start

      • explorer.exe (PID: 1400)
      • WinRAR.exe (PID: 3828)
    • Reads the Internet Settings

      • explorer.exe (PID: 1400)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: MouseClickCounterHelper.dll
ZipUncompressedSize: 20208
ZipCompressedSize: 12412
ZipCRC: 0xb46853d3
ZipModifyDate: 2022:10:04 14:26:22
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 59
Monitored processes: 16
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Processes in the graph, in start order ("no specs" is the report's label for a process with no specific indicators):
  • winrar.exe (no specs)
  • searchprotocolhost.exe (no specs)
  • explorer.exe (no specs)
  • vcredist2015_2017_2019_2022_x86.exe (no specs)
  • vcredist2015_2017_2019_2022_x86.exe (no specs)
  • vc_redist.x86.exe
  • vssvc.exe (no specs)
  • msiexec.exe (no specs)
  • randomintervalclicker.exe (no specs)
  • randomintervalclicker.exe (no specs)
  • launcher.exe (no specs)
  • launcher.exe (no specs)
  • launcher.exe (no specs)
  • launcher.exe (no specs)
  • randomintervalclicker.exe (no specs)
  • randomintervalclicker.exe (no specs)

Process information

Columns in the report: PID, CMD, Path, Indicators, Parent process. The Indicators column is empty for every process listed.

PID: 316
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)

PID: 792
CMD: "C:\Users\admin\Desktop\RandomIntervalClicker.exe"
Path: C:\Users\admin\Desktop\RandomIntervalClicker.exe
Parent process: explorer.exe
User: admin
Company: Daanav Softwares
Integrity Level: MEDIUM
Description: Random Mouse Clicker by MurGee.com
Exit code: 3221226540
Version: 28.0.0.3

PID: 844
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules (images):
  c:\windows\system32\searchprotocolhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll

PID: 1244
CMD: "C:\Users\admin\Desktop\Launcher.exe"
Path: C:\Users\admin\Desktop\Launcher.exe
Parent process: explorer.exe
User: admin
Company: Daanav Softwares
Integrity Level: MEDIUM
Description: Launcher by MurGee.com
Exit code: 3221226540
Version: 1.0.0.1

PID: 1400
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
Parent process: (not listed)
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\explorer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 1592
CMD: "C:\Users\admin\AppData\Local\Temp\{25160179-5A3C-4297-8D12-1321B7FBA27F}\.cr\vcredist2015_2017_2019_2022_x86.exe" -burn.clean.room="C:\Users\admin\Desktop\vcredist2015_2017_2019_2022_x86.exe" -burn.filehandle.attached=152 -burn.filehandle.self=160
Path: C:\Users\admin\AppData\Local\Temp\{25160179-5A3C-4297-8D12-1321B7FBA27F}\.cr\vcredist2015_2017_2019_2022_x86.exe
Parent process: vcredist2015_2017_2019_2022_x86.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code: 3010
Version: 14.36.32532.0

PID: 1804
CMD: "C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2E9F65AF-4EBF-41D5-A80C-E24E9865D4F8} {BA1CAD1E-4DD4-4557-B9C6-5C86CC2B58ED} 1592
Path: C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.be\VC_redist.x86.exe
Parent process: vcredist2015_2017_2019_2022_x86.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code: 3010
Version: 14.36.32532.0

PID: 2080
CMD: "C:\Users\admin\Desktop\RandomIntervalClicker.exe"
Path: C:\Users\admin\Desktop\RandomIntervalClicker.exe
Parent process: explorer.exe
User: admin
Company: Daanav Softwares
Integrity Level: MEDIUM
Description: Random Mouse Clicker by MurGee.com
Exit code: 3221225785
Version: 28.0.0.3

PID: 3160
CMD: "C:\Users\admin\Desktop\Launcher.exe"
Path: C:\Users\admin\Desktop\Launcher.exe
Parent process: explorer.exe
User: admin
Company: Daanav Softwares
Integrity Level: MEDIUM
Description: Launcher by MurGee.com
Exit code: 3221226540
Version: 1.0.0.1

PID: 3436
CMD: "C:\Users\admin\Desktop\vcredist2015_2017_2019_2022_x86.exe"
Path: C:\Users\admin\Desktop\vcredist2015_2017_2019_2022_x86.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code: 3010
Version: 14.36.32532.0
Total events: 1 744
Read events: 1 731
Write events: 12
Delete events: 1

Modification events

(PID 3828) WinRAR.exe
  Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
  Operation: write
  Name: LanguageList
  Value: en-US

(PID 3828) WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write
  Name: 2
  Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID 3828) WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write
  Name: 1
  Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID 3828) WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write
  Name: 0
  Value: C:\Users\admin\Desktop\phacker.zip

(PID 3828) WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: name
  Value: 120

(PID 3828) WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: size
  Value: 80

(PID 3828) WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: type
  Value: 120

(PID 3828) WinRAR.exe
  Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write
  Name: mtime
  Value: 100

(PID 1400) explorer.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList
  Operation: write
  Name: MRUList
  Value: a

(PID 1400) explorer.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
  Operation: write
  Name: CheckSetting
  Value:
Executable files: 59
Suspicious files: 13
Text files: 35
Unknown types: 0

Dropped files

PID 3828, WinRAR.exe, type: executable
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3828.37550\RandomIntervalClicker.exe
  MD5: 9096566F5121D062DABE9C905F98FDA4
  SHA256: E40964D99DD93B1813003E46D765AD70E6ECAF83DA5E77F129B7B2DE903937AF

PID 3828, WinRAR.exe, type: executable
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3828.37550\Launcher.exe
  MD5: 4770B92F98A4E647DA4F351174DDA163
  SHA256: BA59F3F81967345A17A82C3738975B9EAEDDBF85808885FF05EF9BBD47C18CE9

PID 1592, vcredist2015_2017_2019_2022_x86.exe, type: text
  C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\1029\license.rtf
  MD5: E7DC9CA9474A13FA4529D91BCD2AB8CC
  SHA256: 503C433DCDE2F3A9E7D388A5FF2B0612E7D8F90F5188D5B2B60228DB33044FDE

PID 1400, explorer.exe, type: executable
  C:\Users\admin\Desktop\MouseClickCounterHelper.dll
  MD5: EE3EABF5E4A973B2D919156C63B95237
  SHA256: 60F611EFEF7FDFC5E5CE4FF5AAB9142A60E2233094BEC5786856323A4749BC66

PID 3828, WinRAR.exe, type: executable
  C:\Users\admin\AppData\Local\Temp\Rar$DRa3828.37550\MouseClickCounterHelper.dll
  MD5: EE3EABF5E4A973B2D919156C63B95237
  SHA256: 60F611EFEF7FDFC5E5CE4FF5AAB9142A60E2233094BEC5786856323A4749BC66

PID 1592, vcredist2015_2017_2019_2022_x86.exe, type: xml
  C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\1028\thm.wxl
  MD5: 472ABBEDCBAD24DBA5B5F5E8D02C340F
  SHA256: 8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD

PID 1592, vcredist2015_2017_2019_2022_x86.exe, type: executable
  C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\wixstdba.dll
  MD5: EAB9CAF4277829ABDF6223EC1EFA0EDD
  SHA256: A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041

PID 1592, vcredist2015_2017_2019_2022_x86.exe, type: xml
  C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\thm.wxl
  MD5: FBFCBC4DACC566A3C426F43CE10907B6
  SHA256: 70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE

PID 1592, vcredist2015_2017_2019_2022_x86.exe, type: xml
  C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\1029\thm.wxl
  MD5: 16343005D29EC431891B02F048C7F581
  SHA256: 07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779

PID 1592, vcredist2015_2017_2019_2022_x86.exe, type: text
  C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\license.rtf
  MD5: 04B33F0A9081C10E85D0E495A1294F83
  SHA256: 8099DC3CF9502C335DA829E5C755948A12E3E6DE490EB492A99DEB673D883D8B
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP                     Domain  ASN  CN  Reputation
4     System       192.168.100.255:137    -       -    -   whitelisted
2656  svchost.exe  239.255.255.250:1900   -       -    -   whitelisted
-     -            192.168.100.255:138    -       -    -   unknown

DNS requests

No data

Threats

No threats detected
No debug info