2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
20s
max time network
34s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-02-2024 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1256	Process not Found
1268	XMouseButtonControl.exe

Loads dropped DLL 9 IoCs

pid	Process
2196	XMouseButtonControlSetup.2.20.5.exe
2196	XMouseButtonControlSetup.2.20.5.exe
2196	XMouseButtonControlSetup.2.20.5.exe
2196	XMouseButtonControlSetup.2.20.5.exe
2196	XMouseButtonControlSetup.2.20.5.exe
2196	XMouseButtonControlSetup.2.20.5.exe
2196	XMouseButtonControlSetup.2.20.5.exe
1268	XMouseButtonControl.exe
1268	XMouseButtonControl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouseButtonControlSetup.2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouseButtonControlSetup.2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000018ae5-133.dat	nsis_installer_1
behavioral1/files/0x0006000000018ae5-133.dat	nsis_installer_2

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouseButtonControlSetup.2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{598D2FC1-D39C-11EE-84A0-4AE872E97954} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouseButtonControlSetup.2.20.5.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2000	iexplore.exe
1268	XMouseButtonControl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1268	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1268	XMouseButtonControl.exe
2000	iexplore.exe
2000	iexplore.exe
960	IEXPLORE.EXE
960	IEXPLORE.EXE
1268	XMouseButtonControl.exe
1268	XMouseButtonControl.exe
1268	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 960	2000	iexplore.exe	31
PID 2000 wrote to memory of 960	2000	iexplore.exe	31
PID 2000 wrote to memory of 960	2000	iexplore.exe	31
PID 2000 wrote to memory of 960	2000	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
PID:2196

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:960

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
512KB

MD5
a170046beed868f18836fbf165c2d9cc

SHA1
d1a1a19c4a7842a8e3eed5a260579227a48ecbad

SHA256
c9b25beedcf175bd2e52ffdb984584b19d2abc8473dc35246d402e03cd9d1b61

SHA512
9bd72cccc63a0773ac87c6f5d913e5e0af20d2fae7dd2a1b9a1bbfd3132c63604bd79445a42c90208146097ac11689ff7c57cc2491a5338a4bbc1fdd072b45ee

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
28KB

MD5
6cd7a37b87e402a177734f3f2f4c9cff

SHA1
4cf4e117276fc2068d3b33dc897b6bb5d79a108a

SHA256
740f3c42070a71a9627da1e9f4fdc1593ecf093d026191ec18879bbb0dd59664

SHA512
f6c4cb36329a9a6bf487a919c1d55142a5e30585969f92efa94b8832fa810641a89084fee963c5e0410c7d471443ef1ec18e72b06bddea8e2f9984aa8be0e11e

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
512KB

MD5
0907dd5d52cd0deb58e868c88a50a279

SHA1
e8d3d0e3c24402479b28b6e3ffb7a138da28b913

SHA256
5be0caf405699152fc54b7366581688abe9c11168cbf989eb33bd5c11c7caa8a

SHA512
392fbe4d6fcead509d20ffa5e81f4659ce28c43e7c303495a3f08404c3578bd9f5493bea7e1309a4e4b7cf7a11589fb4061468fe5525875e249f95b87f246b88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
56109318c448015febd7a4352e774c75

SHA1
d67cab475ace4a3968d384607a3f3a7f90768147

SHA256
1e383437a57ba7f3e9f1e04e58ee4b652c8b5fa144c065013559d0e0bf58e547

SHA512
0d9ffe8322894d87034f6ad01bedd6f34313a9b2a78e5c181a1a4c61a0d9bfa34a17e8bb014ad891c8474eea63fc398feb436fc10a4d4d1bada7977df1ee5167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d1473bfd35881bbb5304d4ce3df7021

SHA1
94c9af00db8bfa61b5e833ac5a81c2fed9c7a63b

SHA256
2edd328b63877f33f357005b5b3a9e71d1d1ab8656a212835482d2d8bb2bf73f

SHA512
9a1b2a36ccec8dfe3014f2db1cdbb2794aa4be4bc6e1d2f929daee67d4cc2eabb02cc4bd226c169873c687c347996335f70dd9c63fb8568ed4700849a67e375d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ec698140cbc8f69dc0e86e2a85177d5

SHA1
bf2dae417d660e7be988e3ec242eee3ecd381de2

SHA256
2c5124c0af88482a061debe2abaa7f6936e7f358170ef726ee06d1fb310a6fba

SHA512
ccef8a2c8a60c4c82bce3bb5a2f8dc86752e9ef8939cf955ac9d52682d5370a17f66aa9078da2a88e0a1ca7503b9f44cafeea7be50803a0e15aa1f2e68a05cd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fce6ff1837ac76a979d2bdbd8e25a812

SHA1
c968262fdff56a5be14c823a068edfc6897498a2

SHA256
ee37224a61381d6c2cbe12b1f5afe65574d74fd1bce2349809361c46812cc8db

SHA512
5a19b907db889c206c4883c37f14aaf251e1b9a18f547e62873fe1b09eb4234d41c470009c6bf228cece3833a86d7cc8800680e674b723f4c8d56ac0ada29627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d7fe3b00a8ad89a06984a072a6a4023

SHA1
c11792d69f28e97aeadcaec02cc392f1b3918bc1

SHA256
2cc14b954b178a4794ab3b728f4214fa8ceaec60c384326adc7333b64bb5f0f0

SHA512
9c81758a1073b1e1afe4b71ffdd5d4377575edf26130f6fe6e8b32ca023e380b5e32790eb2ef8c56fa8b483080c1016d8e7627ad2632a7dca2f5a76a72e2b370

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dce668bf252d5b9bd63002e77256f271

SHA1
251940a3009497ba802d76101b15d196bf8cd28e

SHA256
1e94cdc201343f48e84b9d5f238b4897c4d30b6625f4bdb9a9265f1e95f04e16

SHA512
2ba3542d1085e0c6b4619d838a54a463c44b11f45d059b85a6a209a624430ce430e2eb12920cb4e09d9463b9ca6c9bccf7c34adaa5cdbd4b0d5899c883c310c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ecbc685279b5e08485c7d8070bd9fac

SHA1
9044e096c7f2d295cf4ee809073b1c58be46f407

SHA256
d1cdd2c5e934baad032bee96a467cc0a4bbbeb4f3e65472c4bb2b3c3b150411c

SHA512
4172063bbdc77798b64dad775ead38571d5ce592eebf49da3b83d6fea466b082749a6b7c9d93d92ee4092805a4aaac46f2194ced24e6512efe22887efc155b91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14dcccf28ed03ec6f6231e64e52fd263

SHA1
532d8c6bcda8e43c4b58a0bba7736969a918b632

SHA256
00b349ed11522c024eb548de7ec81504ce551cd02da4154a3e72870910921cab

SHA512
32489c54fb294ff3b3c19d623364b88a805d868f77a9f8774495862a0b6a974b4709c6ad23ae1c5aee6eddac0d1951403f996f79d5fa640aa09b387cbe4a1ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
074f7f0a7159b495d7b4e96191c09f08

SHA1
f89d283fe02659aefeee1c570266049a48dbbea6

SHA256
0fb65e67545d30af6147e48462672f07532baad00ffa55736d8e0b7de0567620

SHA512
3c799d9c6d63a800f2fe567922228264620c35c19b5b97eab790a14ad1ac5e8a07c690aaa8fcfda682cba102c4cf94d91e34ba2c321999e98bb0ddff7f295d7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2344a5b81b5290fa8ac6c8044e330426

SHA1
414100a8bbf68dd49183e573e565f56e853ee20b

SHA256
14ed3f5ed1da1ffeea7a2af21871ca2c230e27b6eecb4c5ef2410bdcce7b4881

SHA512
0895e511269cf9670910e0c00e0b086326206ba85b3dcc827d889c23dcefdb67a50a34e48450b97a6ab699a28bd4f04516fb13bd7fe1b32e4af5680cd5adea71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45de2157c96d4114a536bfe56a39b784

SHA1
3dc3a7301b949928f9c936de5f524992e2c5e312

SHA256
ca76b7dddbf30259822fe968fd6bb0746030cdcddf966f3ef21a188296b20dbd

SHA512
e7316d6a1838d46ceda91baf96d50743032cfa2eae24a4b24c0e7dfe9ac59892bf21cfe6f64d27a5f6e6ec960c3233a9fce88ab0a4ad1d260e53cf917c58969c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a1fe23c218bd295ecb59ceb21d197f2

SHA1
6b05db1f7fa6e7a9e095d280e7f210c159fde0b5

SHA256
8ae89cd36fba325d92188753e537bceb6050f882a5606f7383a41ffeadc02616

SHA512
146b296abae0aab4cde20babd312b1b713badacadf097f53701f41a1c553bc00edafd64dbc080031f7f04b97ddfc27f8f8509968a6b6c8368307aadc24fce2d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c00c8c21dc279ca450c679de3e4486a4

SHA1
107fe74d1a3b5f3b2662328594c5bedce1f4a487

SHA256
0fd89c0c20b58408ca97b1707d70ff87879d438a62f1686932f7bf55fe23a540

SHA512
2c52baf8282f89e8bd3125394858f2b50afe585a8a4aae7226dcb57daaae8237cd10c6d5ef1620916fbe228d46497e2b3bd5ba4010e5096b9e474e371d92da67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9507078120ce0a8012387eb503e30a15

SHA1
ca73598870372ec085eae00e8ee0397343f87543

SHA256
84f8a05609d3e0192684ce9c2fb09ff7fe6153cd8d33406a6c0a3b73244feff7

SHA512
434ccd8eee3dc0b1843f4fdddf0de2334bfe80e836bd46b2d57c37fb5bd51048e51f34418cf116765b79bed6b4e05c56f4083b2563731f21c4c077ee201f7311

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2dd3ef0a623c617e2775605f4cc452d

SHA1
add5436096eb2e66d6d89d4aabdd99c8dff2ea13

SHA256
b047dc388dafa9262db30c2157566215558f5fccf8d71f6cb8b8dc7a46c50ea3

SHA512
a41ec4d25e9128141098b7ac18565b476f68197fc436396e7035c5daf504b62e06289b0016d94cec21f48ff36d9860ab420bf53b417095a6d48ff071aae5bcd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6b1169928b10cd5a0cf1277bc05460c

SHA1
8ab72cef12721909c45ac66d3a00970f97903382

SHA256
55fb5184d2a253a58b372cf8cdd0c68a386475e6417aa174465a770268c60862

SHA512
27cd7f66daf390d920dc3fd742dda73df07c07011680989124ed58c1c728f369620c757a618b3ccb4eebb6959e6b03cc2733663d913bf64c23e008581d8f4432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e27843fc14cd9bc866d15ed46ca6853

SHA1
ad8c46b0e77d804a812bc668a60a25f88dd861b3

SHA256
c99d3eba20f8b636e199456bae14e0f1fef60ab0acc9d0cbc6d52ba9ece78f32

SHA512
977d2c9ff24c8e5e85ac4790280dd9b9441c5bf7dbc303838506334431698ac7f9bccdef1c72ee529b6a2978fc711f4f8c72437bed79d1aeec0cd5ef57fa4bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
618db52620dc57073f523302ba56fe74

SHA1
8fc4b5d2b6bce7d4eb42be0abc9ddb12cfcafbef

SHA256
642e5af5aae9c7c4458309d350f6cfc993200660cc453afd9d204b26c0926d75

SHA512
14d08797eb27a6a4bd4d15b7cf8b795d607908dea4bbca280f2a337deed82030250cdedd7ed0f9a0da4dbe4f0ed346ef293f91c9ca7da89f9c554334484bf5f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2881e2f5ae4c9f7e7ef56fe6b1114a69

SHA1
64fbbe650e23cd310b968aabb33f57e6f09d5871

SHA256
147eea5994e458c8310eb991cc57bf9f96e9ef91d095ff8afdb129d844ee675c

SHA512
eaed4a840379a74df467b1fa2f15eabef900257ec7052a2ff8f47d4c7f090e29dac4c23e05a1a7df434c8f5686466d75081a50091a9f4fe38f4e8125531d0abb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acd2558970073777bdfe62149dcbb04c

SHA1
dc08741146df4dcc5b5dab383af698997f7b5a38

SHA256
74dc98b41dcb25471dd44cf449b53d428e925a3bf8039ab2e4b9b232ecfc90f1

SHA512
41dc4d1f233a8628cce68721c3955f9c9dcd918c08e065cb1f4de02d3738b622c62f19df2a451b5371cafdbc39d372add6844cff36274df36f97ea49c45719af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d11f535e550c4b628571cb0b322d04d

SHA1
3f622c9eb049613a5dbb1aef6947d475df5e02b0

SHA256
846b978b60efa1cbd3ec13eb885a58ae18de59f5db809d03fd7a4675d4612428

SHA512
f5e9d6704a241cc461b4eea347f45ab3839fa118575fee65edda5695edb00d6143df296ce5e36eb73ac16153a12384cef08ec93b2e38f333f576bbe6b75b567d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4970c400a55816a4c677e379b417ea9c

SHA1
fd5e3b2e24c8b7bfdcb4ef74cfd68150d092ab7a

SHA256
1b7debf3a7107d9becb8522938de659d2eaf26310ba8d60513013cfbba6e01a1

SHA512
3d0d3f69cb84da6138c97711196e2c640414086cf0180f517b3bf1ca7d2f223a65834a3e1bd27c21469ae9ec53e5127d0042a5c0678576c689f1a9b8a4ab93dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c7a1372a72fa5daff4d4cdbd9b1358f

SHA1
2829ac7f73fe434ee86618a415ab78c16e14a72c

SHA256
fbc793655d64c628aa9608d8ce9a199359aed2e106cdc21334b7758b1810e95e

SHA512
526c6b53c4ba4eb16397b4fd46fcc64636878290c34053f86faced9cc3b3140c82f15e052be774c75383ba0924acf2f75e49f1602156a16f04839106ae28e428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d75677efa6163d71b7d783518f5fe65

SHA1
6bf27996480c9eef21897b43b601adc6fca08df3

SHA256
2f8264c9f4aaae6ddd48b50f2c02a0869c8c0ab03a0842099d5606c50957b63a

SHA512
5a454e362fb73b73bd19a4f0c6c7259b9cde19ae575c63a944807e5dd66fb515111930beda2a5953fcbc37d19913187dbde1e7ac67ef0c89af9c6ce01debe955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\l63kubb\imagestore.dat

Filesize
3KB

MD5
ecea5e31b2d8771c0c1111bd2a6603da

SHA1
44811787f31ec1ee454fe6e15f68bd1474d796e5

SHA256
c401a10bbc862c86f7742bb38cf7a54b3ff0a8d8d48c3dc9552fb9da29624310

SHA512
fba39da1dcd27726a669384d08b542c5e7ccff9b6e2d06159a13bfa2d1120ce9bb66af214235ff1eb493e494a8bfdc225304c4e4d94c119e896272acc82fea59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K224YIDM\f[1].txt

Filesize
175KB

MD5
e25a1f13a97fe656dcd11b354f957b5c

SHA1
d2fc94653580ceee751cef81a79622fa31060d46

SHA256
51b4fb6e962d3af68c325596e047b490472ccfab401b311de309f12d08da4a04

SHA512
02b6a82cc82088ca4d7d77dddd9480608c2a4cf8695b0a09b46bfad00e16b580f81c4e2096c9d624e20b5985a784a1b34c70b646be243d4387718a94ca0d23d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LF4IFORF\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab80E5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar80F8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy42DC.tmp\ioSpecial.ini

Filesize
709B

MD5
f19866e288f7928faecad048f7a502b4

SHA1
d609c76e6bbad5a575b21b8d664a6f79bf5d97cd

SHA256
69d92b01d4246719061cf7d4898681652819feb6b7e2b21de733162fb7bd786b

SHA512
117ab9fd4e419f65777e5011f7dcba20d99e1a31ac33cc8d446992bd4192fd89aad8a4b5c5242c783abc2dcd49155cd2c1b657efb48d3366574a44188b1c6944

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy42DC.tmp\ioSpecial.ini

Filesize
726B

MD5
abab8a375eaa73539bbc0a8f3755e687

SHA1
bf19e1ccf5d56e39df20735894e3e7c148675e2b

SHA256
1b9cb8b307f5a98a03c46c65b0554e97fa1d4afabe67744cadc559b0d781de8d

SHA512
681e000ac9538c0396586151e324a5462284429141b7e65b3aa698accc707b7a242722f0e6ff7be25a35601ed280a5dee6666f8915301a426d2328050c05c6a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy42DC.tmp\ioSpecial.ini

Filesize
739B

MD5
3f3ae08811797ec55313e5d2cf5eabed

SHA1
196a13877e5d4c29cd797f6f7c82871a0a6aadca

SHA256
f3e39fb4f8ce7e903c1a328d71392c4a471174c93cc158d2ee8158796685a2d0

SHA512
c97f8d41a773f9246ce16b0687a617033b0226c9a89c958b0a6784d4aaab9e44de3000880bd476453f9e70616c631d0943ddb495ce4b623e109c448694668619

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
960KB

MD5
290c3098db46d4727d34cf048805ed31

SHA1
2fc0153711c477864a8c337de8eb5e1e46207051

SHA256
4d1d8362c8263beaeb27f9ab03cfcca79177a9980b6ca253b8a96859aad7f58e

SHA512
7301af256d9a04862706cd7db2e3af48f0207c3ae368bc8d2213d778eed4057ed9484aae29f3f13cfafcca2a96a9116192de2bf9580831b457469d89da529e82

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
473KB

MD5
113b20515886be9e13fd0f4ea875b975

SHA1
a25ab599f1ecf3897a2f99abf0ac7d0b6d96f082

SHA256
28b87f82f9c2cba608ae76a92f86dd5bcf5964d6f52b71fd45a410f8c5a9bcc8

SHA512
2e2acce764feb985067a629c6c10c5dcc879a338b981df19a4b89bdb4af828c1597fb64a79b744a87340af9bdbfe5bdd5c1a8023572624807a20a8e34fb50d87

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nsy42DC.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy42DC.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsy42DC.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy42DC.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2196-232-0x00000000074C0000-0x00000000074C2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads