2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
136s
max time network
138s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05-02-2024 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1284	Process not Found
960	XMouseButtonControl.exe

Loads dropped DLL 12 IoCs

pid	Process
2376	XMouseButtonControlSetup.2.20.5.exe
2376	XMouseButtonControlSetup.2.20.5.exe
2376	XMouseButtonControlSetup.2.20.5.exe
2376	XMouseButtonControlSetup.2.20.5.exe
2376	XMouseButtonControlSetup.2.20.5.exe
2376	XMouseButtonControlSetup.2.20.5.exe
2376	XMouseButtonControlSetup.2.20.5.exe
960	XMouseButtonControl.exe
960	XMouseButtonControl.exe
1284	Process not Found
1284	Process not Found
1284	Process not Found

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouseButtonControlSetup.2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouseButtonControlSetup.2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0009000000014534-133.dat	nsis_installer_1
behavioral1/files/0x0009000000014534-133.dat	nsis_installer_2

Modifies Control Panel 3 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Control Panel\Desktop	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Control Panel\Desktop\LowLevelHooksTimeout = "200"	XMouseButtonControl.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f12000000000020000000000106600000001000020000000e350ebf38d89ae04c1fdec667443008bf55af68a4598c81d486b87168267082d000000000e8000000002000020000000fb2c2f35044c4fa3d2743e140408e53d2c089527bb47bee1948e1a14fa4a4abe90000000e271c3cf0177fb0c88564edb45b3ce3b57021c206a1daacca05f191c52ba99702dde4ce01bdba0975a6dc58fada9725d8bc0d41cc754cc3addd003982cf448aea800e3caba79d7372c411d993e04b5a5620c87b887c12572caf31bd6884b4b4513896398b0b643291ed71ddca8cc8400d460b1db347b6ef5665b2569e588e72323519c040d36e77438f10fed11862366400000009fa396d32d478cbd7a403fe9cdcb20e413a4fcbc6b64c3792ef98eb7854c563158ab5611988516c12444257c09b2ff931e7e45d3547f9870aee0aee1c100794e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Cache = b104000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000046332ab722508540bf00312f0a24f120000000000200000000001066000000010000200000008921ca31ce17d2244ef4ed4718d4f7e6481cd798138b8d7aa4712a91beb19ed4000000000e80000000020000200000004058d01812cacfcd5098e71afe66321eaf63a93e8f6fe1d67d22ad6af4ed96a620000000cdfb5a68c58c3416f154fb8816ccf1bb28083ac70996859f8b878356025c4cee4000000091b695e21853d3281f79797fdde9f5bace0939e04abde8da176c756c65e69b12a970755018223ad98fc555bb2383841409167454af1c0fd95115cf2f000b3479	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80a6d3f54458da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1D358EF1-C438-11EE-A5B7-EE2F313809B4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouseButtonControlSetup.2.20.5.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
960	XMouseButtonControl.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1360	iexplore.exe
960	XMouseButtonControl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
960	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
960	XMouseButtonControl.exe
1360	iexplore.exe
1360	iexplore.exe
1100	IEXPLORE.EXE
1100	IEXPLORE.EXE
960	XMouseButtonControl.exe
960	XMouseButtonControl.exe
960	XMouseButtonControl.exe
1100	IEXPLORE.EXE
1100	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 1100	1360	iexplore.exe	31
PID 1360 wrote to memory of 1100	1360	iexplore.exe	31
PID 1360 wrote to memory of 1100	1360	iexplore.exe	31
PID 1360 wrote to memory of 1100	1360	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
PID:2376

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1360 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1100

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Control Panel
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
890KB

MD5
fc11af4144069e61631233292bc79c21

SHA1
277249ff519e2fd1ad20d24fa05dff3e58454086

SHA256
de97666037190da89f8aec738aea3c18ca859c00efc164a45015ef17ad79ef2a

SHA512
4ff39bc2acc54f8c8b4df1900ce3ab749a0fa1c94767276bc8ad4e3aaf68217e023b5a6c523f6870cc0f3d1a8dc59e125bb82fd87d10e93c240866439751b378

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
557KB

MD5
79429c4ec489a05ea8c39477002911a0

SHA1
3ae0219c94312f37f0f04f8292f01c5714705c91

SHA256
2a1d6f9d2f019e037a87648ecced13edf1383dc3fa98524e66fc7f0efb3dd9a8

SHA512
8b94be411b6ace59a59d52ac4fe3bb611bc4930527a71e0f5a29c63c0791d07f06e2e09161a3eebec1b92a954a7b16a072e7c229a2a5f971e19d661b17e8480b

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1024KB

MD5
05fd0593b31cabdaba8c934d15447374

SHA1
101278972c75bd9fe1480be790eacaa9f0646f01

SHA256
f6f2e88df2d1edff0e105cfc0495616edb34b61c86883f9fb9bbd1bb8024c86d

SHA512
f7cb82bd7bcc9c16bb3d0503498b8194486d1f9fb09f0f12c2d011f5b83bc8cbe721da769897a2b5f419dc248433a3b0cbd3d6adf233177d40415920d114b3ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

Filesize
472B

MD5
85aba89c53bb7c2a4f540128473bc3b1

SHA1
493feea8df0a909b5b0e0cdc04c86b193fc76f27

SHA256
98e383259fd9f2d438b50930f12b97f0ecbfc10365e78cc24bb6154e2ca888f1

SHA512
08a64ec7a30d04da12cda38456315e19c1816f9382de4dfbc9646a2a755d7eb8c299334246b3831d63c2d668b369e1c2223ed3a570e0fb10537272b2c7402614

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
7d45f5c573df997ee3c2fc98ef90483a

SHA1
c38f734887e4c50e1f91ee5d57a25b131fbce94e

SHA256
b5906f27f2ba5e16448dbed736b25bafe1b505424bec3a132da7a6d6c39b6485

SHA512
92bf9a5e31eb9dd871a65a4ce96f134336f2cb0cc7d4481afab288a0bf002cc66bb40eda4566f24fea83a82ef9864c7364abfdcf811820789c5c2c48a3b99422

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
cb1957e4c22409fbecf650da9f070a89

SHA1
e8bded8f42389f77ac9acf70b2c804196f6648bb

SHA256
6692b31814fb00ac8d7710deb678c5f7c77070630d72015f50564f57393c77bf

SHA512
912ea298316df054bc0af7b086eff555141ec21af68ed1a4ba4040abbb0e2330a9828842a2b6b74b1c3c1d76db951d18f3e807e855275a0d83322a1a9e048a89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf466dadcfa5d6b97648d7f61e74dafd

SHA1
404e989b2c5e6e0c1a7a66d5d7b1a51a73a6ca72

SHA256
e8c0a6c3a8c6aea46b415d9d26ef3a0dfb751945be644d6d6d68b91abf620d72

SHA512
bd1159c97c8df84a487bb18a79c137e7564e6565ae476137a71f489f17bd6045330635050d367efad1dd46c631d01e83f13b33d9ec3d391688821d0f3a1c869f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f7b2020953e63ea4b699c43da3ea24b

SHA1
50832c2f8f367dc32847788efadf5bc8818ef4ea

SHA256
625da572816887e07627fd02b20b16b7749e66b8656dd18275ade03c068122f2

SHA512
fc603a21c9c78b31a29304d61b816fc57d75f2a08bfcd99efa6ab52819bb970eb01fcfcbb09fc8aa80af91a8e5d13547abc71f6aea99bd8e635698f66d0945ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d261dba6386385499ada4fda0e49fe11

SHA1
e4159f11af1e05436cf1948e9149faf9cd3337ec

SHA256
e600ae41ab7e31f000b0ad8f8d7621beee946080cc405f836232b6d6ecd765ae

SHA512
762dc74567e052f6964525c8ada986f46ad0e5385a74ce62a49f19e7cffaef162b6bf98b38eaa81f946a2fbf92b4baf1cc99666408fa8004862070f0f5197dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9dc514af85749456795fd750ea0ad39

SHA1
0ef7c015e346fdde28c3363f566c7598889f7dd6

SHA256
c81ad9ce723401dd86908e94d160b68a4f301fb7fe75ea9476b4c7eff3df1800

SHA512
3bfaadcbee410bdfb84000f7fe3fad496e71da041d3af957f81838dda960e72edffb89d35bcda975a73b3aed732539ac4d7f14a3d166e18ecd3838189bf5182c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e97536917ee096908f9c3dcb8856643

SHA1
447dd3949480e131c98b0fa818e6b4096b132775

SHA256
9e402803254b93a45bad65f7f4fe64264d72f283bd30a10b415f9d6ccc90b3c3

SHA512
e993b2825b9b685a216c1761b266bfff4c89fed294d6f1cbb3524bfecd2f86514f5bd1c44bca7f3b762fdf5a47282bb49777ce37f016a7f5ceb87ec9d6a3b81f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5b04a6756eda5101b9638825989220c

SHA1
a17548521d0c2423f341bbe223ed1c15900b6baa

SHA256
fcc52adcd9b62be85db9463bc7bd2ae0f615038094eeadbb0a6eadc917100219

SHA512
3e877bc0f3d203ce131ec331a05790d0d4d22cf2bd629dccda748d722ca39d922f0d900c816b487970ef6328e4177821b3b8950bb3f5f0ec5db6909d4d0107cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56e48117316455e9fe202aec20f376dc

SHA1
815d2ca9ee92c94bd90a6af315e74c3178efec5d

SHA256
bc72d636c7f29ef4c4a0d3202fb4249f2f059369562f24858ab223ede0670fb4

SHA512
dc5678a9359e427fc12897975c70dd9dd40208d47bdcd5e8084ae222114ba0a921b803bd63730a3692fbc9b8e459c5e9e48d6f889bf4c9736ee2eca240ba5914

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10d120356a5ca5a7e6c7a269454c5c88

SHA1
fb1c3c424b8d675423b7953106049fd0aa4c27f5

SHA256
fd5c9b332160220661303c215f1dc2bdce8162c4ee2c3eae68fc1a94fbdd418d

SHA512
f788347cd57c9a3fa10bb34f2c9466bbee34452eeb2514bd077ed0b6b308acf7156b4fc40363ebeced0fb6ea1e2dbfe16aa6b2b52c37899989772cbc6d75542b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92fc4de45e3a913bff29050a32f615a6

SHA1
65004282f9863860aa1800661bcafd063fce4c1b

SHA256
43c9903050e3609ac9b18e0d1316efebcaad0cf98b420ab63c76c444fce55fba

SHA512
3bf6525d38365ebb6d11ebde9f13eb6996641637b4fb95bf413ed8a6215442b685ff6ad8d558f0dc6bf61ed57bb1d877ef276608c99c0b812f970cf0f301f40f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2e4b419ad5c9301d0fc17e87057e686

SHA1
fd001111b6a06eeda726723cb684967e40b4abba

SHA256
74186847cddfe7687f79649b3320ebb9c3d4bf11aed14efca157871e3a665038

SHA512
93361bfa8729428800ceff1bcc4d851b2a7e4d6fee6d861e4a8ca5ead7c986bed539c921802a4015a2dca69590c0d2745bbad9261e202cdf5e52aacb94473660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16f514a61862f7e3a65f3af1e56e16bd

SHA1
e5490ab6e61a095f9ede2afbc276c875f874d09b

SHA256
49e8788f3c5859b2f879fc05d3a8ffde6b7dda99e385bb6dd7038f54e8bf52a9

SHA512
14c0cd469bfca10f24b5170b31ffb5844d48c33f0de5b4e8b07d190db9d57e108a358f64e113680588cf3ce188660afe92585dd633d6d9b7dd520497a285111b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
358f0f69cbd57529a748663fec1169b2

SHA1
aad7549e2d812b0e51ea9d34c6f92b6dfafd67a2

SHA256
e4ff691af46f0be4b8fe846dccbdfbc993c53a2a9e14008627910909dc2fad9a

SHA512
3c363f0b57f8a4782f16528cab26ba36b9d4e0cc819e3432bd57d442b65e86ad341b62fe6a9999e0918e67864f5bde0c83d16cf10a112921022fb8f7975d6e34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f438b88d3372aeed1b6a2316d728a51

SHA1
c05099a43a769ac3716607202e49b12a3c3e9464

SHA256
d2a685a0e16e42f9cd8074cb73d0f68344c7f164ba43b53a5a47765443baeed9

SHA512
1c6bd6305aac0fbc614babd46ba23fc4b9d114e2877912972f72b79f7caf5f574b0a8224ee9159480e028710b25ef838f7d9265b9bc3857866a4375c252679b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
333c38525c75c400c323ccbce730c9ce

SHA1
fa81e23a7753cd86a4d4dc85e211df2f2ba70e70

SHA256
0cb75bb81a0525d6263c59c22affbe3a8c9e7815f3d415411ce7917e6e7001fa

SHA512
e7c39d20749cce7982f0fd5e4b4b090d3c6cd06d44de4070f769f734be1519e3fc46b3bd312c9cfba6cfb5e2a8c51f6229e707397b24e6b55e5689f5b5fa61dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abe33c86d76941d59fe3ebf289b101ab

SHA1
f9eae555426aa8e64738281200d43490e75259f6

SHA256
e79a4ee7f9aaf674f8bf464d7fc37ffbf3599d0e225c7666e9b0cd119adc41b1

SHA512
68f167cc722c2ef1c68a4c35a70dbd3da571bf5bf786dc25a201ec5a5c90dbbed93314cc65c2e9051d551410f2d88e4b66c7bd8174f0fe1a4538a3411fa51e63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bef261a4deb02ad677c7b8fb2f5b34b8

SHA1
86c73a628db222a7d0913ff697614adb7c91d218

SHA256
2723b114e696d4cbc10ec341516032d39b5b3a0a86e9c60d11bbaad3e80338f5

SHA512
6092d04ddd4ca7ab490614fcb80e7de05aaaf8ce485a6bc0966e12dc5361f22b96c64f7532e2cc8bd1ce7d3c5f1eb19818177aa37ccf931b72e1e17a923dd1a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3b3e4fd899a3de0f7a944df4d76429d

SHA1
5faf4e99ecbc69e4bbf4d2f2aea095679ce17a9f

SHA256
c699e073e4ae748f571eb917ac316641e1a92cc0e5706f3a87befcd9838bbb20

SHA512
3700a68a47401c1d5f0d9774f2731eefd4e7823b516362643b2c6c38ae5dc5d7b227e21ad000c7b564c161d9dffd5100a97275efc8ed1e330c5df90aba8fe71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0472527668d492b5f9ee8e29ff6ec027

SHA1
fc8522321558d6da90ac6a055901856be3f52965

SHA256
f28bf76f5a1b50caf6471c003162d4901cff196a36f50f2cfd8214bc34b9950e

SHA512
bafbb10c40606fb70f877bb74fb16f5a4bc470cc29616796dfa26190781c521e3192164e6137702d54f3f95027ae87022d74853b7f758212911c78c71d1e7b62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8c975efd8f3883b68dd07848677071c

SHA1
a9691f4bad51e629f3117fff98846f3469b2e65d

SHA256
975522fbf66505381c91f15790e846da1fa8c0cc1ec3ffcae8e6888bbf6f4e7a

SHA512
17d0f8b58a4a06f93cee9e1f3f75fecf682333327042dc4c08b8ac7eaaa8f47cc6389247ea9ca3c3439dea66034a0e7541416f95e49c3ddd4d96e8a3fbf26ec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2a72ae4bc7a3fcf916c013c1fb63b7e

SHA1
85f23abd5d4a3799aba75fc60b50b4d9fe2d7ac2

SHA256
2fd5f12e7bcfc6be34af7c5e4299dbc430927183948628f58c0c8f6ad23c7a47

SHA512
923bf27d07b84085c3ea6fa1a4c108f999ef3b76de79820afa66822738eead3650d66045616b7b274adc3434c5c877717e311866cbf7d121fa3f389236cd5087

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dc44f15f47ed9404c703ba1fbd8c6e5

SHA1
b1ec9c04a515cd67d5bce92087d497fe2c4cfc07

SHA256
ad74409398a52a523c08a15e077897a23b8243b5f65166867034f73dd89fe1e9

SHA512
874426eb9ea736bb375799735c8004de8ef8f86456e5223c751917fc0e04e966920bf1bc98aa9f3b0c9e156189a2ac858d4aedc726facb50ac3ad45cf08faf71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6679c2988b81a885056a9260f309c319

SHA1
3170cefc9a383a78ac00d78c9f0e9858039b89d5

SHA256
d9fb2707b691125b8e25ea93086d871cc374e8bdb45735f97c33554fae214b6e

SHA512
b6bccf45fc00e2ada58efb16c787f85171544a99d7ad05d9778f424c7657f5063150d10133056aff8c8558bbda621fe081d1efd16b13e378519808bf7a66b0e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d69364930c224914ca8e98fc7731197f

SHA1
005a47eab945b5116ae35e5af12e20fa5e46af9b

SHA256
48a811d4d9ba6ee38a91ad9d96ee284a0c580ba72f13c4d5b4dab4065338e906

SHA512
6b8e7a027467cda4a064df3d6b15da967a720cff356c7da866e2327aaf713c0a0435a76f849a6cb28def66edfdbd6767266aed2df356c436355dd42982206b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e522b911daeb056bce46759722492032

SHA1
47671e682a12191acd675371cf28f5f28d604c7d

SHA256
a50740f4a7568ecca1c9b9d681bcd18efaa27731b5af78523dd6e0d5cda2c9f4

SHA512
21bf6c93bf8285de9c9c85e0f57cf459f5761157716caa52f83b17ce66b9606eaf2f10625705ecb0cdcb799af2e70b9fb2d0cb01ac9890f0f7d2242c74ad01fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
46fe53d8059cd0f23aa60bc2e1b57823

SHA1
23b09c68257583d3fa644645528fa4ac3865c59d

SHA256
679ce6da3aca2f8246514c5187441c800474b4f94a95cb350804492be83cda5a

SHA512
eed047715c54f6afe7c54e6a02fdd6fcc6cefedda1279ca494e94ae1bef58c694bc6b23722ff7c53f09f60ee4b70d99fa17a86014efa5c902764450646cc0dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

Filesize
3KB

MD5
c4ebab93db12351874d243053d6a3a69

SHA1
edf296c175047c538918fe91cb861ea5cc8b8622

SHA256
08c3ad853b265629daf006208e4db8a784451a1149a9c0dfd390f58590f25823

SHA512
0d0073e76f591d1c3075a511b3e450c0b7e8f8f58ab377f64aa04232dc3e095e70b5700d01d82fdd6234b37c350b2ab03c46c249767dbec77f86279e584cf0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95WYY4JG\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G11UREZL\f[1].txt

Filesize
176KB

MD5
bef3ffda143d8d0bfe5c8a15ca9ce614

SHA1
f823ad59e0008d7fa9febbaaef35254d05fcc5d2

SHA256
909e0c3d793eb212094e1812437b5c62b5298eda9da6882f204185f6cb4c1e53

SHA512
cd8d0b2ccd92465f082ee83f5544e5840113db05dfb697d05f9da527704360817c5a96f13f58be9e9c56540dafbc4fb59976e6279208184828946b1cb43746ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G11UREZL\flUhRq6tzZclQEJ-Vdg-IuiaDsNa[1].woff

Filesize
161KB

MD5
3e1afe59fa075c9e04c436606b77f640

SHA1
e4bb7c1e40d3febee58df963db276b2bf68c117b

SHA256
fd84f88b497040d4f7d5e8c9f8635aef8d3e706c0fa52e2b6facf14eee87e522

SHA512
d60da32bdc3542b7c6fcf766659d982fd66816705d6f8fa11785410e507dcaef6b319b19e58528a967a4b705058d9c9b1c5f8f41cf33da6f7957b8c6604cffac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3AC4.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiB0A.tmp\ioSpecial.ini

Filesize
695B

MD5
db2367d45a170c87f16fb5b48691f87b

SHA1
b24ac5e52dc13be4674361aa6eac9714cb5363ef

SHA256
fd9569a089b8d471acda6234148f12eab9496fb109bd97d84e85f58d86ffd5b1

SHA512
cda7eebfb583df1a1fca956c7723f7acdc94fcb8a1b65e785bcd95cd253f68577b1d1d8bfe75b638d7fa2d4872761b982342a6decfb26327e9f39d468b442516

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiB0A.tmp\ioSpecial.ini

Filesize
708B

MD5
19a2571e3a0334523ee4402d074d825f

SHA1
d7f635afab6f8877a258ed4ac957d9856b1b2d4d

SHA256
f4364a9294e79a8fd4b10aa55cdc8242f5f43aa40465c8b3fa8e4953a260cc47

SHA512
1e7b0e5e4a52c6d5e47e23eb99e6f85b133229c6f735af999656afb4b0378954ee2c11a367efcaeb89465d058456928ffbff40eb4308d4cc046ae7794e10e8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiB0A.tmp\ioSpecial.ini

Filesize
725B

MD5
1f9b37b0cc8209fd21241bbb5426db4b

SHA1
adc1ab8f05ab7b65b00e7fcfe19e91c9028594a3

SHA256
e057b953c6e5a5a7358445303c400c4b445581c40e7207757f4d4142f02fffc4

SHA512
0d33a3b767cc6e70c64364862b1d6c8aee6dd578d8c7ecdb9bea3e1e5a8b91fc2b6f367beec3a00c0c3581104d7c1e767de50b94e7cb7e5b0d4f125c6e01cf76

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFF3C83B6C86EA7653.TMP

Filesize
16KB

MD5
2f2b1471dabb54de7f364719a10742c4

SHA1
140929cc135b8bd6ed33e75c3b6be6a0273eed1c

SHA256
5b9bbd1c2b2e83b937a69affc8ad8f3869af4348cb0e29d3dc9a0086ac7173f2

SHA512
cae5f92d1189d4a193dd6beee15fe619c4cbb7a287cc17ce245a528b1a447508ad24766d7b4ccef50ca3c4455a8cc6a66bb07262aec43afc7d4bb68630babf2a

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
513KB

MD5
ea81d1bc349bbd8aa853e0989f8e4738

SHA1
ff9c4b214bb0fee89a1224aa589774b0a40633a7

SHA256
76583548fd86ceeaef2a432310f2d3c288a6af77b2f1577853d7378d4d998fb4

SHA512
7b2f1753e6437c5c6913a69befa5659979f80e9e1cfd2972f3ed55aa53a054001ceccf9e372762497174442f59cfb5ec32623ae1b15f30363e601b47bae99cc7

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.0MB

MD5
eeda041bdecc320190820dfd22ffc548

SHA1
b638077ecd032283ded6450bfe8fd61d558cedf0

SHA256
1225e301523d54677159b16bfdcd8c68e92362c3db4a3e9c0b5774644829d478

SHA512
4675ffea21dcc20f058b2490ec440922d2824a4f7d3768185b6e594831186c3e5cf185591494841f4e5ef79b44aabfb57fe860a7e758f712c6bf2eead153a863

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
740KB

MD5
c124d6ff457ae2532f3f927b4d95eb51

SHA1
491ef58f42eaf07272e4d2cef3aa34576e466322

SHA256
6ae6d6bca78d694b94a746b5ba55d4aba9b4d06d7d0deca589f69a41fe7cc61c

SHA512
165b429742ca7aef996ff5463d4b3bc8b67c3c6569b0d1ed846fe2b545a17ac68e78c673595cc09bfa5bd4e17e150f4b089d2d10b8a5ad74ce70fac086586e6c

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.3MB

MD5
2ebdff884524f4cf8d7c859af9821801

SHA1
72f6280ee75a650e7331abc8c1fe8ea7de5e674c

SHA256
5b78fb98478182e1b1772d923ff1c03fdfdc49266793c2f81e952ba0d7d21aaa

SHA512
9e9c3e0a6faf499ff53247a1f2ffbd7db9b9dbc124cbe0c6360f17ba40d096a863203b75e9cc42d56072488d5a1916a68242f2bc9db48dfc309cfb51d5954390

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
709KB

MD5
69bdea3a21cd8d737c0292170e572171

SHA1
57318d8f0919cf068d351a8790ebf8615677fa6e

SHA256
80b8099a2ce22b9c5dad3e93b2726e094b9fac1c32017d3fd70b825572689538

SHA512
1432a0b64dba09f8e5dfb822f2ecb936e2f1ba79112339baae1c4729fb8998829aaef6e0c6b5907b7d8a9089e07c52bd720f68f3e2c4b4930ba1aeebd60cb190

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nsiB0A.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsiB0A.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsiB0A.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsiB0A.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2376-232-0x0000000000570000-0x0000000000572000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads