File name: Random Mouse Clicker by MurGee.com.zip

Full analysis: https://app.any.run/tasks/7dc947bb-5a6c-4568-850b-81ba15fe3965
Verdict: Malicious activity
Analysis date: October 23, 2023, 10:44:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: A0C825CA46C8681EB934A206E3CEF0B8
SHA1: 3FA0E8ACB5331D209EBF6AE9A32542E34279785D
SHA256: D6745D1DD00BB2E6C56E12325CEB812988448440726A4A146CB56A45E51D55FF
SSDEEP: 393216:2URDlpJF2GMJu9YZ42qEJRPkdbpiJmmw7F:dpJ/MJu9YZpJJRPIi3w7F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • vcredist2015_2017_2019_2022_x86.exe (PID: 3436)
      • vcredist2015_2017_2019_2022_x86.exe (PID: 1592)
      • msiexec.exe (PID: 316)
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • WinRAR.exe (PID: 3828)
      • explorer.exe (PID: 1400)
      • vcredist2015_2017_2019_2022_x86.exe (PID: 3436)
      • vcredist2015_2017_2019_2022_x86.exe (PID: 1592)
      • msiexec.exe (PID: 316)
    • Starts itself from another location
      • vcredist2015_2017_2019_2022_x86.exe (PID: 1592)
    • Executes as Windows Service
      • VSSVC.exe (PID: 4000)
    • The process drops C-runtime libraries
      • msiexec.exe (PID: 316)
  • INFO
    • Drops the executable file immediately after the start
      • explorer.exe (PID: 1400)
      • WinRAR.exe (PID: 3828)
    • Reads the Internet Settings
      • explorer.exe (PID: 1400)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: MouseClickCounterHelper.dll
ZipUncompressedSize: 20208
ZipCompressedSize: 12412
ZipCRC: 0xb46853d3
ZipModifyDate: 2022:10:04 14:26:22
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
Total processes: 59
Monitored processes: 16
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Process nodes (in graph order; "no specs" means the node carries no specification tags):
  start
  winrar.exe (no specs)
  searchprotocolhost.exe (no specs)
  explorer.exe (no specs)
  vcredist2015_2017_2019_2022_x86.exe (no specs)
  vcredist2015_2017_2019_2022_x86.exe (no specs)
  vc_redist.x86.exe
  vssvc.exe (no specs)
  msiexec.exe (no specs)
  randomintervalclicker.exe (no specs)
  randomintervalclicker.exe (no specs)
  launcher.exe (no specs)
  launcher.exe (no specs)
  launcher.exe (no specs)
  launcher.exe (no specs)
  randomintervalclicker.exe (no specs)
  randomintervalclicker.exe (no specs)

Process information

PID 316 | CMD: C:\Windows\system32\msiexec.exe /V | Path: C:\Windows\System32\msiexec.exe | Parent: services.exe
User: SYSTEM | Company: Microsoft Corporation | Integrity Level: SYSTEM
Description: Windows® installer | Exit code: 0 | Version: 5.0.7600.16385 (win7_rtm.090713-1255)

PID 792 | CMD: "C:\Users\admin\Desktop\RandomIntervalClicker.exe" | Path: C:\Users\admin\Desktop\RandomIntervalClicker.exe | Parent: explorer.exe
User: admin | Company: Daanav Softwares | Integrity Level: MEDIUM
Description: Random Mouse Clicker by MurGee.com | Exit code: 3221226540 | Version: 28.0.0.3

PID 844 | CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | Path: C:\Windows\System32\SearchProtocolHost.exe | Parent: SearchIndexer.exe
User: SYSTEM | Company: Microsoft Corporation | Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host | Exit code: 0 | Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules (Images):
  c:\windows\system32\searchprotocolhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll

PID 1244 | CMD: "C:\Users\admin\Desktop\Launcher.exe" | Path: C:\Users\admin\Desktop\Launcher.exe | Parent: explorer.exe
User: admin | Company: Daanav Softwares | Integrity Level: MEDIUM
Description: Launcher by MurGee.com | Exit code: 3221226540 | Version: 1.0.0.1

PID 1400 | CMD: C:\Windows\Explorer.EXE | Path: C:\Windows\explorer.exe | Parent: -
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Windows Explorer | Exit code: 0 | Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
  c:\windows\explorer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID 1592 | CMD: "C:\Users\admin\AppData\Local\Temp\{25160179-5A3C-4297-8D12-1321B7FBA27F}\.cr\vcredist2015_2017_2019_2022_x86.exe" -burn.clean.room="C:\Users\admin\Desktop\vcredist2015_2017_2019_2022_x86.exe" -burn.filehandle.attached=152 -burn.filehandle.self=160 | Path: C:\Users\admin\AppData\Local\Temp\{25160179-5A3C-4297-8D12-1321B7FBA27F}\.cr\vcredist2015_2017_2019_2022_x86.exe | Parent: vcredist2015_2017_2019_2022_x86.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 | Exit code: 3010 | Version: 14.36.32532.0

PID 1804 | CMD: "C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2E9F65AF-4EBF-41D5-A80C-E24E9865D4F8} {BA1CAD1E-4DD4-4557-B9C6-5C86CC2B58ED} 1592 | Path: C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.be\VC_redist.x86.exe | Parent: vcredist2015_2017_2019_2022_x86.exe
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 | Exit code: 3010 | Version: 14.36.32532.0

PID 2080 | CMD: "C:\Users\admin\Desktop\RandomIntervalClicker.exe" | Path: C:\Users\admin\Desktop\RandomIntervalClicker.exe | Parent: explorer.exe
User: admin | Company: Daanav Softwares | Integrity Level: MEDIUM
Description: Random Mouse Clicker by MurGee.com | Exit code: 3221225785 | Version: 28.0.0.3

PID 3160 | CMD: "C:\Users\admin\Desktop\Launcher.exe" | Path: C:\Users\admin\Desktop\Launcher.exe | Parent: explorer.exe
User: admin | Company: Daanav Softwares | Integrity Level: MEDIUM
Description: Launcher by MurGee.com | Exit code: 3221226540 | Version: 1.0.0.1

PID 3436 | CMD: "C:\Users\admin\Desktop\vcredist2015_2017_2019_2022_x86.exe" | Path: C:\Users\admin\Desktop\vcredist2015_2017_2019_2022_x86.exe | Parent: explorer.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 | Exit code: 3010 | Version: 14.36.32532.0
Total events: 1 744
Read events: 1 731
Write events: 12
Delete events: 1

Modification events

PID 3828 WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
PID 3828 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
PID 3828 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
PID 3828 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\Desktop\phacker.zip
PID 3828 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
PID 3828 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
PID 3828 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
PID 3828 WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
PID 1400 explorer.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList | Operation: write | Name: MRUList | Value: a
PID 1400 explorer.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0 | Operation: write | Name: CheckSetting | Value:
Executable files: 59
Suspicious files: 13
Text files: 35
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3436 | vcredist2015_2017_2019_2022_x86.exe | C:\Users\admin\AppData\Local\Temp\{25160179-5A3C-4297-8D12-1321B7FBA27F}\.cr\vcredist2015_2017_2019_2022_x86.exe | executable
  MD5: 415E8D504EA08EE2D8515FE87B820910 | SHA256: E0E642106C94FD585782B75D1F942872D2BF99D870BED4216E5001E4BA3374C0
1400 | explorer.exe | C:\Users\admin\Desktop\vcredist2015_2017_2019_2022_x86.exe | executable
  MD5: AE427C1329C3B211A6D09F8D9506EB74 | SHA256: 5365A927487945ECB040E143EA770ADBB296074ECE4021B1D14213BDE538C490
1400 | explorer.exe | C:\Users\admin\Desktop\MouseClickCounterHelper.dll | executable
  MD5: EE3EABF5E4A973B2D919156C63B95237 | SHA256: 60F611EFEF7FDFC5E5CE4FF5AAB9142A60E2233094BEC5786856323A4749BC66
3828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3828.37550\vcredist2015_2017_2019_2022_x86.exe | executable
  MD5: AE427C1329C3B211A6D09F8D9506EB74 | SHA256: 5365A927487945ECB040E143EA770ADBB296074ECE4021B1D14213BDE538C490
3828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3828.37550\RandomIntervalClicker.exe | executable
  MD5: 9096566F5121D062DABE9C905F98FDA4 | SHA256: E40964D99DD93B1813003E46D765AD70E6ECAF83DA5E77F129B7B2DE903937AF
3828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3828.37550\MouseClickCounterHelper.dll | executable
  MD5: EE3EABF5E4A973B2D919156C63B95237 | SHA256: 60F611EFEF7FDFC5E5CE4FF5AAB9142A60E2233094BEC5786856323A4749BC66
1400 | explorer.exe | C:\Users\admin\Desktop\Launcher.exe | executable
  MD5: 4770B92F98A4E647DA4F351174DDA163 | SHA256: BA59F3F81967345A17A82C3738975B9EAEDDBF85808885FF05EF9BBD47C18CE9
1592 | vcredist2015_2017_2019_2022_x86.exe | C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\wixstdba.dll | executable
  MD5: EAB9CAF4277829ABDF6223EC1EFA0EDD | SHA256: A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
3828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3828.37550\Launcher.exe | executable
  MD5: 4770B92F98A4E647DA4F351174DDA163 | SHA256: BA59F3F81967345A17A82C3738975B9EAEDDBF85808885FF05EF9BBD47C18CE9
1592 | vcredist2015_2017_2019_2022_x86.exe | C:\Users\admin\AppData\Local\Temp\{8E918AFC-CFC6-4F68-AAED-966D36B6FBFF}\.ba\1031\license.rtf | text
  MD5: 2DDCA2866D76C850F68ACDFDB696D6DE | SHA256: 28F63BAD9C2960395106011761993049546607F8A850D344D6A54042176BF03F
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2656 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
- | - | 192.168.100.255:138 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info