Analysis

  • max time kernel
    123s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/04/2024, 22:05 UTC

General

  • Target

    XMouseButtonControl.exe

  • Size

    1.7MB

  • MD5

    bb632bc4c4414303c783a0153f6609f7

  • SHA1

    eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

  • SHA256

    7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

  • SHA512

    15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

  • SSDEEP

    24576:WB9zyuRx7jLNquqvzbsM/m0GNYbOVgmXUWU7mFNeSOML3QaYyipFovO:WBJpf7j+LOVgmXUWU7UDTQaviXo

Score
1/10

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMouseButtonControl.exe
    "C:\Users\Admin\AppData\Local\Temp\XMouseButtonControl.exe"
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1996

Network

  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    210.108.222.173.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.108.222.173.in-addr.arpa
    IN PTR
    Response
    210.108.222.173.in-addr.arpa
    IN PTR
    a173-222-108-210.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    repository.certum.pl
    XMouseButtonControl.exe
    Remote address:
    8.8.8.8:53
    Request
    repository.certum.pl
    IN A
    Response
    repository.certum.pl
    IN CNAME
    repository.akamai.certum.pl
    repository.akamai.certum.pl
    IN CNAME
    repository.certum.pl.edgekey.net
    repository.certum.pl.edgekey.net
    IN CNAME
    e99038.dscb.akamaiedge.net
    e99038.dscb.akamaiedge.net
    IN A
    104.86.110.129
    e99038.dscb.akamaiedge.net
    IN A
    2.18.66.176
  • flag-gb
    GET
    http://repository.certum.pl/ctnca.cer
    XMouseButtonControl.exe
    Remote address:
    104.86.110.129:80
    Request
    GET /ctnca.cer HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: repository.certum.pl
    Response
    HTTP/1.1 200 OK
    Content-Type: application/pkix-cert
    Content-Length: 959
    Strict-Transport-Security: max-age=63072000; includeSubDomains
    Last-Modified: Fri, 06 Mar 2020 09:56:01 GMT
    Accept-Ranges: bytes
    Cache-Control: public, max-age=900
    Date: Wed, 03 Apr 2024 22:05:49 GMT
    Connection: keep-alive
  • flag-us
    DNS
    crl.certum.pl
    XMouseButtonControl.exe
    Remote address:
    8.8.8.8:53
    Request
    crl.certum.pl
    IN A
    Response
    crl.certum.pl
    IN CNAME
    crl.akamai.certum.pl
    crl.akamai.certum.pl
    IN CNAME
    crl.certum.pl.edgekey.net
    crl.certum.pl.edgekey.net
    IN CNAME
    e83157.dscb.akamaiedge.net
    e83157.dscb.akamaiedge.net
    IN A
    104.86.110.105
    e83157.dscb.akamaiedge.net
    IN A
    2.18.66.81
  • flag-us
    DNS
    crl.certum.pl
    XMouseButtonControl.exe
    Remote address:
    8.8.8.8:53
    Request
    crl.certum.pl
    IN A
  • flag-us
    DNS
    129.110.86.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    129.110.86.104.in-addr.arpa
    IN PTR
    Response
    129.110.86.104.in-addr.arpa
    IN PTR
    a104-86-110-129.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    105.110.86.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    105.110.86.104.in-addr.arpa
    IN PTR
    Response
    105.110.86.104.in-addr.arpa
    IN PTR
    a104-86-110-105.deploy.static.akamaitechnologies.com
  • flag-gb
    GET
    http://crl.certum.pl/ctnca.crl
    XMouseButtonControl.exe
    Remote address:
    104.86.110.105:80
    Request
    GET /ctnca.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: crl.certum.pl
    Response
    HTTP/1.1 200 OK
    Content-Type: application/pkix-crl
    Content-Length: 770
    Strict-Transport-Security: max-age=63072000; includeSubDomains
    Last-Modified: Tue, 12 Sep 2023 11:18:42 GMT
    Accept-Ranges: bytes
    Cache-Control: public, max-age=60
    Date: Wed, 03 Apr 2024 22:05:50 GMT
    Connection: keep-alive
  • flag-us
    DNS
    ccsca2021.ocsp-certum.com
    XMouseButtonControl.exe
    Remote address:
    8.8.8.8:53
    Request
    ccsca2021.ocsp-certum.com
    IN A
    Response
    ccsca2021.ocsp-certum.com
    IN CNAME
    ocsp.akamai.certum.pl
    ocsp.akamai.certum.pl
    IN CNAME
    ocsp.certum.pl.edgekey.net
    ocsp.certum.pl.edgekey.net
    IN CNAME
    e96763.dscb.akamaiedge.net
    e96763.dscb.akamaiedge.net
    IN A
    104.86.110.105
    e96763.dscb.akamaiedge.net
    IN A
    2.18.66.184
  • flag-gb
    GET
    http://ccsca2021.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRxypYNH69rICCzQBIRXN0YAFa3AAQU3XRdTADbe5%2BgdMqxbvc8wDLAcM0CED2lynyFr%2BZoj5NorqSYWSM%3D
    XMouseButtonControl.exe
    Remote address:
    104.86.110.105:80
    Request
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRxypYNH69rICCzQBIRXN0YAFa3AAQU3XRdTADbe5%2BgdMqxbvc8wDLAcM0CED2lynyFr%2BZoj5NorqSYWSM%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: ccsca2021.ocsp-certum.com
    Response
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 2309
    X-Cached: HIT
    Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
    Cache-Control: max-age=148
    Date: Wed, 03 Apr 2024 22:05:50 GMT
    Connection: keep-alive
    X-N: S
  • flag-us
    DNS
    134.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    246.197.219.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    246.197.219.23.in-addr.arpa
    IN PTR
    Response
    246.197.219.23.in-addr.arpa
    IN PTR
    a23-219-197-246.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    145.110.86.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    145.110.86.104.in-addr.arpa
    IN PTR
    Response
    145.110.86.104.in-addr.arpa
    IN PTR
    a104-86-110-145.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    xmbc.highrez.co.uk
    XMouseButtonControl.exe
    Remote address:
    8.8.8.8:53
    Request
    xmbc.highrez.co.uk
    IN TXT
    Response
    xmbc.highrez.co.uk
    IN TXT
    02200500
  • 104.86.110.129:80
    http://repository.certum.pl/ctnca.cer
    http
    XMouseButtonControl.exe
    458 B
    1.5kB
    7
    5

    HTTP Request

    GET http://repository.certum.pl/ctnca.cer

    HTTP Response

    200
  • 104.86.110.105:80
    http://crl.certum.pl/ctnca.crl
    http
    XMouseButtonControl.exe
    399 B
    1.2kB
    6
    4

    HTTP Request

    GET http://crl.certum.pl/ctnca.crl

    HTTP Response

    200
  • 104.86.110.105:80
    http://ccsca2021.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRxypYNH69rICCzQBIRXN0YAFa3AAQU3XRdTADbe5%2BgdMqxbvc8wDLAcM0CED2lynyFr%2BZoj5NorqSYWSM%3D
    http
    XMouseButtonControl.exe
    520 B
    2.8kB
    6
    6

    HTTP Request

    GET http://ccsca2021.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRxypYNH69rICCzQBIRXN0YAFa3AAQU3XRdTADbe5%2BgdMqxbvc8wDLAcM0CED2lynyFr%2BZoj5NorqSYWSM%3D

    HTTP Response

    200
  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    210.108.222.173.in-addr.arpa
    dns
    74 B
    141 B
    1
    1

    DNS Request

    210.108.222.173.in-addr.arpa

  • 8.8.8.8:53
    repository.certum.pl
    dns
    XMouseButtonControl.exe
    66 B
    213 B
    1
    1

    DNS Request

    repository.certum.pl

    DNS Response

    104.86.110.129
    2.18.66.176

  • 8.8.8.8:53
    crl.certum.pl
    dns
    XMouseButtonControl.exe
    118 B
    192 B
    2
    1

    DNS Request

    crl.certum.pl

    DNS Request

    crl.certum.pl

    DNS Response

    104.86.110.105
    2.18.66.81

  • 8.8.8.8:53
    129.110.86.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    129.110.86.104.in-addr.arpa

  • 8.8.8.8:53
    105.110.86.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    105.110.86.104.in-addr.arpa

  • 8.8.8.8:53
    ccsca2021.ocsp-certum.com
    dns
    XMouseButtonControl.exe
    71 B
    215 B
    1
    1

    DNS Request

    ccsca2021.ocsp-certum.com

    DNS Response

    104.86.110.105
    2.18.66.184

  • 8.8.8.8:53
    134.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    134.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    246.197.219.23.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    246.197.219.23.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    145.110.86.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    145.110.86.104.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    xmbc.highrez.co.uk
    dns
    XMouseButtonControl.exe
    64 B
    85 B
    1
    1

    DNS Request

    xmbc.highrez.co.uk

MITRE ATT&CK Enterprise v15
