Overview

overview

7

Static

static

1

XMouseButt....5.exe

windows7-x64

7

XMouseButt....5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    130s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27-12-2023 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XMouseButtonControlSetup.2.20.5.exe

  • Size

    2.9MB

  • MD5

    2e9725bc1d71ad1b8006dfc5a2510f88

  • SHA1

    6e1f7d12881696944bf5e030a7d131b969de0c6c

  • SHA256

    2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

  • SHA512

    62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39

  • SSDEEP

    49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies registry class 33 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
    "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Control Panel
    • Modifies registry class
    PID:2440
  • C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    "C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1556
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1248
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8678768aa9e54528e64e8dab675fcba8

    SHA1

    ca4236d10ccb3fb8aec72026279cc55faf636959

    SHA256

    432d779fdeae7e58054a929841f503de9ca3a7e7aa2a3ec5bff1eae733c865ee

    SHA512

    a7b80299bb78ba641e38e5680d667d0b06062dde92173bbe812802093cf0d2872f3c43d72d496504a00f318aa89dcd08393e9cf83fc35210e76936bd49757ce5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d99a96c9b646ae53b4f49f8b02ceb04a

    SHA1

    ad6d6044436e9af3cdfe11786db222f3730fb0f7

    SHA256

    9709a9ad6f14365627feb5a154dda6a118f5b28d8c03e1a38e13a26e8b1a0887

    SHA512

    ff1c061589b32a5483e5f75373b0e189c8fcc534d1fbe934c99d9d1863a0d1f10e481a2cb524fc6a74ad25533f47c9260ad17f3ce7faa616eb3600accbdb219d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19adce8f8043ed6f9e3a3f756ca3fa35

    SHA1

    98f0e8197ecb51d5ec7a16323c875c13f44836c9

    SHA256

    ded95941b597d63c454924685e92de2f9d57a69315323fb7573257b2827491d4

    SHA512

    0838c028f1691552b1c21ce49a88d60cb7a01621cedd880f2848c00828b061c3027802f35a37689f4e30edd8d73cc2d29362ffada554976bb4a45a73ac9029f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30077e654f92b1a0f4ed838ed10c5568

    SHA1

    cca2185a9ea7ae56a08c6cf51cbb7390d6263a09

    SHA256

    cd3865a9d045d5902a4e7491c35292c17d90cab32548e720f7f0bc7229a0f85f

    SHA512

    9e14d53abb3c3f58e407778d75f360e0eb12c6df327b3779a7a95ada2c5b86050069b3cf4dcd1defec4d560467747a36c1b0e7f2a5dda3c7d20e2b7ac5772905

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c7b13b402db500ffef02852645f1e79

    SHA1

    6065335960c0ed95f306f07958b9265ed92cefa1

    SHA256

    034466870b243e95d5beaaa716abf7ebbc0e747b3e4920ed00058828e0ef54c6

    SHA512

    6cb71d1d68887f3d7881ae147fe66bd28f34127d73899da1d589ce5f991f15052b7d4a97670b5f8a5bfc6f5b004c60f93beb020317c0fd76ff9734f6f2fb25aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cacd92d21e48f59472d201f99b75083a

    SHA1

    56e0c7f9d8b64b05aeadb40aaecc2db35522b0ec

    SHA256

    1b0049d3878c26610815681ef90ea5f92c85200dd9a9139bcf9c82be2a6f0de1

    SHA512

    d8d46246b9a77bf947b5f63be9abe59b1584f8b563c2fbeb92ce53c032f1dcb0190a5a7b28b36bf49f2b5693b0984a7c09608bdc1c25143d7ebb09c9745915fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    467545e1d04e132027ab7fc5b32a725f

    SHA1

    f2226c908754b2b218b74a733ea736e6d1e31b91

    SHA256

    118553df2f1094bab9258b60d6f40fb987d1239c068633411c2d7b9520b216de

    SHA512

    5e42a98d299c83b151eefa4d8111caec8a23555605c47d4a29d82ba818d8cf84f1ab9f132302e7b788caa4040062e68cc759f79e03b3cd9b43e1b46b08e9545c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5bfd933539d39cdfd99bc5d3f349ab6

    SHA1

    0079754aacb17f0f54d0746d18482c3e492094dd

    SHA256

    6265df0764fb5c27e93899ff73fa79d91b92fd27177cdfd3bb85d9da85e78d2c

    SHA512

    716ea1b5c32edec15d4372d60d4617ff290f50bf9ac9d7d62a245b965b42a1e41316d1f9b4243bae8eb89bdeb7da4f1bc7e5a64a3040b563e7b38b8a5216a90f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c633c0354e5c5454f81ac70914b6b025

    SHA1

    5a9d48a8fa81caeffecf4f274d6eb40defabe11f

    SHA256

    6422867b6058ed99a5f7fe570916966edb7cb8d6c9ef3d016db09d3b30cbd017

    SHA512

    047f1130fb61111f4e71dffec7c2eda814808bf9f5ea901558bb3dc8f35f54b89679dfc3105da8f20bfc47fc3cbdfcc2648af0e974e9256b650b29f3e2d0e15b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91c22147e41746331c310da1f2ea62ac

    SHA1

    1661e20131448489c8a0811447b556c03ed2b64e

    SHA256

    af7620752b514d9fcef3275b5a9f0b48b263bd91a35253eec48bd159e159f00e

    SHA512

    d2ee3bd6c478148436217e3d532daa39f87c7dd6a27ebfd127aebc81db8d847cb83d1ffd75e94ad60e04e82517fbc93532ccaa3a1ec3b82a7f0755f3069d0eb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8cc04ac0853adc3483e407a81d0ba7e1

    SHA1

    75d4d8b43db627e660b6dd2950b959a97d049987

    SHA256

    71f321fd481c4b716caacffe31b088071d98bca6012e0d189eb48dfb14eb7232

    SHA512

    f8d54acc7dacc312a73519c45fc43c69692e936a26c18f93cfb4010f4a47784130429f6e620480e4799086ec9540d37f29f0ff26c3ab38ad57e66815f210949b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34df7073cf2df2aabef00237a22d3dbc

    SHA1

    0cd7e6161c64aa311a61c6c331fdf514e93fd63e

    SHA256

    05f58e75451b59971e2424bb03143c4dd95782b7d68cf815eb834703a8582a45

    SHA512

    7708a46c3a584b89ea90fd75f6ed323cb7b607a19a65a088bbc5bd5de16440fa4e771d3ae0bbe5c408f9d34d903642e47b2eca15e08cde1ef3eafd9a617dc4eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a8e2bfc8ad203782491f8eb803018d84

    SHA1

    0448e1456ead0e771557ec2e9a3cc951e251d966

    SHA256

    a004a7479ff5dd4a938384c1a667d2ac6d5404a9cb58c55d648e92a942ece2a8

    SHA512

    06dbe9809aa2bcd287f67eb250fee1035f390a0bc9973b745afe1cd0da711477b420f546148d1c8a9d94af01648bf2fc45c7d3e35e2c8f3d7b8409d387bb3140

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b853139fe4b1079492f963fc1b59daee

    SHA1

    96ee1118119a9fcb61bb344551a800edff8bb8f4

    SHA256

    56b02baf8e6bfebf924862cf2427a6e959e22709f703287c65abbae59be1c10a

    SHA512

    de6460d0bfd2b3875bd81cdcf2480ee35ac2cde0eaa405bb88b7d605d496f5dab6eae68a32781405fe44d9e91a51b3a9ec6d1c5e208191a8abdbd2e8e22794bd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat
    Filesize

    3KB

    MD5

    394f351c350b5ebca7884da4dce6ac8e

    SHA1

    2b5142cf9180ad3ba9c2844e93ab0d59e14ca2f4

    SHA256

    c70243f432287e94c59177cf5dadda4b4d6137c7b5bd708e29a5748f7299d4ed

    SHA512

    211b9499cf57569e8245fd346cc02546c40e51b508bb03c498ec8c232e2d6818ec71d6b8e8d2d76335bf342a67ddebc3f2bec77b48498a1de635f3fac991b5dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M61DDFBK\xmbc[1].ico
    Filesize

    3KB

    MD5

    1279bf31d9659ad2017369ec1b90473c

    SHA1

    0f21c5a8266c36af7909118899e1fa07590f2df8

    SHA256

    74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

    SHA512

    18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1EBDLS6\f[1].txt
    Filesize

    174KB

    MD5

    09bee7c0473facd8bc4f164e9b947e82

    SHA1

    0bccca925410657138e516307945221cc69ff346

    SHA256

    4cbcab5165b27a1b82d804e4a91f41a6c94c67123274c099e0930686f9b84302

    SHA512

    313ab81bd5cff40b403fef3cf34305b44d5dc46fa8121e4f6eb5dc5d7fc940104a4bffa71698e22f41b784731846a20e2ee6a56220b4d422bba1299a67d286d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDF7.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE19.tmp
    Filesize

    92KB

    MD5

    71e4ce8b3a1b89f335a6936bbdafce4c

    SHA1

    6e0d450eb5f316a9924b3e58445b26bfb727001e

    SHA256

    a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

    SHA512

    b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd48C5.tmp\ioSpecial.ini
    Filesize

    696B

    MD5

    fa6a5417591e52029241d71f98f5a855

    SHA1

    921c572f873f48ce6dba5e35baff333e9b1915bd

    SHA256

    1cf18337682c3a5296c03268beb241e35cc67b4faee52a8ebbb54e9e6faf0ac8

    SHA512

    efd24530d70c5897dbed0518858b72ebc405d8d0b40750f723b05f3a8e3631df8eb2d64a188ffd593198865d052645b4071a8b5e53198e488b22602573d6d4d1

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    Filesize

    221KB

    MD5

    cb14b78097bce86f0a1c3168d0c3b287

    SHA1

    52da57367dd84f46b37fd57fb52ea7d16b329c2a

    SHA256

    978dab57fade754c7386b5721d17c5a7e03b2cef556e6a28bb4994211e6f414e

    SHA512

    832e93d2203c1e2d9b802f01e11107829fad442bf3a29b63d905543bd3f08b2f15650545a31578680f30c9e07c3b2a0088167ea391f388c7fe71a67ee6b41afe

    Download Submit

  • \Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe
    Filesize

    74KB

    MD5

    bfffc38fff05079b15a5317e279dc7a9

    SHA1

    0c18db954f11646d65d0300e58fefcd9ff7634de

    SHA256

    c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

    SHA512

    d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd48C5.tmp\nsDialogs.dll
    Filesize

    9KB

    MD5

    f832e4279c8ff9029b94027803e10e1b

    SHA1

    134ff09f9c70999da35e73f57b70522dc817e681

    SHA256

    4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

    SHA512

    bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

    Download Submit

  • memory/2440-232-0x0000000006510000-0x0000000006512000-memory.dmp

    Filesize

    8KB

    Download