2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
133s
max time network
140s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
30-06-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouse_Button_Control_V2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1152	Process not Found
908	XMouseButtonControl.exe

Loads dropped DLL 9 IoCs

pid	Process
2276	XMouse_Button_Control_V2.20.5.exe
2276	XMouse_Button_Control_V2.20.5.exe
2276	XMouse_Button_Control_V2.20.5.exe
2276	XMouse_Button_Control_V2.20.5.exe
2276	XMouse_Button_Control_V2.20.5.exe
2276	XMouse_Button_Control_V2.20.5.exe
2276	XMouse_Button_Control_V2.20.5.exe
908	XMouseButtonControl.exe
908	XMouseButtonControl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouse_Button_Control_V2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouse_Button_Control_V2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouse_Button_Control_V2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x000700000001318d-133.dat	nsis_installer_1
behavioral1/files/0x000700000001318d-133.dat	nsis_installer_2

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop	XMouse_Button_Control_V2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouse_Button_Control_V2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425918193"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c0ead70b0b0a2d40a2d4e2950dfa2a3000000000020000000000106600000001000020000000d49084e3af1998b24dd51f289582c47e7bd5b549499e7ec7936e8bb5deb5fe7b000000000e8000000002000020000000fa5fb83b25bedbd132716187718082d38f47ab517f875d45a61d06cfa09ca5a72000000089115e9442b29f2f365ca67294799e1071cefd8d5355643854643511130298bc4000000005566744b9a82cd604b7dde8fd9b664bfe7e20155ead9c02b5520a47c545fdb66695c45fc416c0cd8f4dcb1eebfd4b7d989fc47f82fadb9ac40fd13a98982178	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7084c5a2f6cada01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c0ead70b0b0a2d40a2d4e2950dfa2a30000000000200000000001066000000010000200000008b8ddf0f9128f8c3c9dd4743a1ac1710b6e050ddd404d41c57a0725bbdd269a5000000000e8000000002000020000000a57d09849d27caae40c75c24f54d495c6802bc7867ac4257c264f58ac414b6ee90000000f7c332e0b4fc4fd39f2994d4f1a0e0ba27418e8eec9ca8be9d36a3e8bcd74e9cc4ba78ca9b3a4e30245a1312fb83d012ee1ef391b8dc484145c61d5f761f025e904107551874e72166dff1c1ef5604bca9c0556ed67726538b9f445fbe41c0f9b62dba57bde04e54e886c1d53b49e8eb3cb79e9785390344680be0065340eac07597df5c5335628a9dcc174b36c232df40000000925a13becd1f25f1144cc94e152668db80d7c4a873d970f3807f3b6b84ed250d99a00ab0949ed3f79af525f0b4b6a4d5e273737180273ea20de3221a7eb99d3b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CBEBD931-36E9-11EF-9A4D-7A846B3196C4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Modifies registry class 33 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1404	iexplore.exe
908	XMouseButtonControl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
908	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
908	XMouseButtonControl.exe
1404	iexplore.exe
1404	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
908	XMouseButtonControl.exe
908	XMouseButtonControl.exe
908	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 2188	1404	iexplore.exe	31
PID 1404 wrote to memory of 2188	1404	iexplore.exe	31
PID 1404 wrote to memory of 2188	1404	iexplore.exe	31
PID 1404 wrote to memory of 2188	1404	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
PID:2276

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1404 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2188

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
b3d904b183b3f2bec52339dfbda72c8b

SHA1
5b6fcd70a41be129c8eb7576f6ef27219434a993

SHA256
37a428ecc814e48ae22eaf9c6b2aad833b1bf1f1350da6eabd31764006e13a31

SHA512
e097ba07199f0f72fc1bf49c5e7b15055790bcc8ba1d27da2895660b00097a069d683f176b54dcef113e9459819fca56b21df49f83655479ca06736029a41e6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
dbc256bc39a49befa451399788c9f29d

SHA1
f222e85f0db7db016e1fc6c0e8ca488b6000ec1c

SHA256
5c634e1ecae1552763177d72f502518ede779cd2170f63548e997553defc68eb

SHA512
372ec9192449c1b547d68ef5727e0427eb769ba8011c5998ce0d040aa7a2839e755bff606a0083081d65beb8a98ff0bce2456b90d5eeeb232c39ebe74fdd3cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d55e5028a59adf1be133851c79835828

SHA1
bb0ea4446876d72ca1fd93a342b7ab68c3543dea

SHA256
eedeb16fb62928c67f50810756471d4c76f456128afc2765ade3c1c2e08cd58a

SHA512
7ecf24fee595d646a256b6d9eb804e18493f55bda15dfd158f0006d4aaea7f62ea94ad2cf8cbfc86a6c5208373d5124d060cc8b20c4d097cc4fb565b6222e9be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e06f9a3720625ce7c4ed54024e9c4129

SHA1
40e647049ec4083b9fb87eab018535d6bb56095b

SHA256
dc4af45e268716fd9d468c3f221fba2bd7f82ed1e3699f9a2c977aa138f872c0

SHA512
d135bef31864cf97657082342832b3d74a862ca352dc3123fa6347722a748895e05aa44658ebd76b0a327170e6111f89c45dfd6f6c2b707be17415c03d55e41d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ad1b4841c533a5c16867fd47e63ec49

SHA1
3549b3543dab081e00d495d4d25b4182d4fc4349

SHA256
2f265e9eb1b48375177d2b19ba56e249383ac19670263cae39da09fd9dd45814

SHA512
62f3d533eafec20cc07ff541cdad4d72f0d0fe6a612bb2b80d3bcaed9b507eb186aea5f0ac2eaa7b6fcb8851829d44de6c33436cb05b789f3e25c750eec1e902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c85bb8b16ab7bab47149da70e217e492

SHA1
d9e2b95736e3835703b5098580cd711cecf5245c

SHA256
6e305cf6a3834614d9ac744ff6bb68adcc5494e7f281dc539e845aa69d9af636

SHA512
950ad0c009d0672db7f05065880361025d611ed143a5c115cbc3e5a6cd49e82d30f20833b735815752724afde777b2524d5c7385360684bab10281e38b12df7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3998646498f9a1efaef2b952b6051213

SHA1
89c9c3109926f722bb8292c5c9af9a15008af3eb

SHA256
b41e9bc0bf05614b09e5a7aa8e296fae6bc6e6dcc41cf13beb507883734c40e4

SHA512
514329302dd1e5c4ad472910575ab6c67b2b48fc892233652a40eac49adceafcddd25117857d22d5c0f9cfe7455e058b27e1313650efbac715d24da9fbfe38d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcf331ec76b1ba0bf7341d1b3527c6e1

SHA1
d90f6167d7a06b187e69877020ed0f654a28ab20

SHA256
c9f62e3214d186f2f87beb0782e54c4be997f141c45458b4f62cbed95f6f6288

SHA512
5fd001baade0c3d0d1f54987a944e4770680a19ff2da1c963b2a5b93f4aefed3b920ed2e99f6e6082c509f591ffce1f265082ba3f02476af4ed88ff54cfff624

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
576c035d5a8a906f076d105fdafae70c

SHA1
9ce2e21aee4464b28e13316ba3d8053239a548d1

SHA256
813f9cf9bd3036082116abe276bad8828f18149b89196b011217bfb3067a3cf0

SHA512
7b76a46710f9a38efebd3539dec9b0c098c609ec2f04629eb5b286a8b12d86a5bc7bdd3f9b1efa7ec619236f6a2af135eb445897217744aa968aadb30f7ac262

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e41cc16000623af4710a3eb57a65dbb

SHA1
6608c40a12c58e8b2899a3eef5515d83a7b51eb7

SHA256
69dd4059a21bb61200adb5568848a93c8ffbae7d104afdc5c031e02e9a9176cd

SHA512
16a0833fdbb4ec8dab50061cf92476bc6c1fcff8aa99529c8c8c3fdeb7ee8658a6dfb4bd3d4de5a46e416711b4a03e87c1920ad95b47c2177a00393c379108c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fbb66b08d86267a966a3f476b12e0ec

SHA1
1d0b620e6725ac884c7da62399328b815053c93b

SHA256
dd3093317417d2be3a240967375e4ba5e6b6682fe5c4f38f53b7fb1f54d6ce50

SHA512
e64f845a7a0c5f2c34c7d5366c9667275d64e5161402b0f1d5ee57a34557c5e01bae45d9a93c2e2af8a6d4a4af37877305ce59e16193ca71e46cb7695c793b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
111e014566d594f4ebd8f10be03863de

SHA1
e4bf56b816194e4e81bf1c181760b8e12039106e

SHA256
5261cf6d07e79b9df705030b073d18b40257847357445ed3bb2dc83012016fa0

SHA512
eae01b55656bcb3f96f7ed4786ffaff18785262da2edba2bc7e2394f9c8237c0e7118aa335131475c835563d26dbbc9afbda35c7839e06f95bddea1408bc8f5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc05fbcf49ce372fc52830bc86c9f6df

SHA1
21bc7809477edf6bf0a1e8d69f64dcc9ba30bd41

SHA256
1d1aa7fc0901b602b1295f464476d9a50f8a6d3cd4ad442d156f003e2e64c037

SHA512
a9680389d9603b491b467ae1b2b164839a548946b463ce5acc3611e83227d8058e743a796ba197ff6c8bbd471a238810a4d7aa85e257c9c9f8a764a95e56d30c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31c03852ea66caa2ed32c0716e3594e7

SHA1
0d0b16dfc6e2cf22bf5c11cd3066ab931cacc07b

SHA256
28f49addf347ce8914213428ed802a0855f7c658811e0eecb65b35d9afda3bd8

SHA512
b76915bac1d43fc4ca3b85df43e8c0d51d558cbc02db06e5f3f583345c500ce23ae23a275543b9e79680fc99c3117d8cf0972b97fbc13015c247f86ed6c71dc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0899fd40befed20b27cf98aeb41966f9

SHA1
007e8bb4787f12048bd1733355bce00c2733ba8b

SHA256
56f5d35db58cc286c52e465014d8e4656ad94a8db04514f937731f07c15c3e9e

SHA512
bb0f1fc259fffeb85313f5c7ce9be668b677deb1b4f9f724dd95a91155e594dfc8a03a8a359eb1c4708f192fc8a52ad634aa86ecbace5fc05fbf50e8cbbf6940

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
173a4a4cdf4bc6548e7baf9c44aa733c

SHA1
b0237baa748a2ef029bcc831a7b7948dc4e6d6dc

SHA256
2733ae498d736fb13272dba53c0163458661b6e96ce6c59760db75de022789e4

SHA512
cb7523d31826e3d4029ac8a40e07b1d4905ab43a2f30335f5ffc1a160cdd8c85b6a7478d2acac2c7aa2755992d0f7e658539838da86c2c58ad375df8b294950e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
324db4b817e4e398301f4a3be57ae41a

SHA1
9b48a858e4a23284670ff5e189eb1e7dd572987d

SHA256
05ce1bc43b063261cca736bb6e26c673081f56bc80c488cba61efa447d3227cf

SHA512
506e3d05feff6104f824f32cd2dc3e2716ee5a87e17a808cbd59122219ad6c87cafdc96ef4ee80752b99be2b2722212263f9d08a5274ff2aa4463c858e71e7ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec6c714c88d64bbe906bc5f05a3868b1

SHA1
5ba98c70e4489eb33f5bc0f945d4cd9a7c7a8073

SHA256
28c4daf61331fd325a393a9f2d52b57210307e9a32c25e503b016d743dfdcbad

SHA512
ff8030f1cf8110c6be920a8c5caf43f1abdaccb9b008f667ba0be8d18a9f3000cc65a823ea8c4fd1d0f5ac4d4067e7ab09a781161cb5a2390fb1c1a78fa989f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccd850c3ba8cc19fe8bc486ac65d49f5

SHA1
a7fdbcf537498e96e3d1ce9c397d436898b87d21

SHA256
000e94dab30b04f6c1f5c4d74e5b0de0ee30f9eed0e00d6eaa9f250e9d9bca2f

SHA512
d3c9561bc93a61d116d61e6b3d47140f4b979777cfb5aa8d2d1b4616c688fe4f1ef556a3eea621f75a79c12b24a974af8c3ea1fbbf3a39c1969dcecc4c4bf3dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
790ed2c081973189b5a712b3f169b8a2

SHA1
cd7357aea201c0591e91846c99087fa88fb010b1

SHA256
59437daf57d75c735d2a18e1a8518a787d48063511936cdbda79cd975a4caf2b

SHA512
128ce07878d05bd64c751954c10649f78ac38197d4abace5ed4c636f235a0ef0fb923d39bbbac8efda8193d2f2e60a95b728805215f19dbe993eb293294796d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f520fe8668de3b4b3ec6b637925b440

SHA1
11af6393d3217bccfbd7fd9c30c9a3f0868c5d5c

SHA256
418f795d256c8e0b9a4c3d06aef5f3ac0024a1f382d87d02224f0873c8fefdaa

SHA512
07a460495d4be1af5906becb507685891b8ee68ed175e6fa87390adfe505f559f7b07d380f88733b5b89b722264f4e05be63aee85c070a6eb0ba7d4bb3741e87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a802231f636b0e6f7fed6356e368774

SHA1
9e676ce4a910bf7a5c278cb876ae8b0dd35beef1

SHA256
ec1735ca3f66be3dd47373955dd03dbaf7fc04561fe04e34e4dee794efcd86f4

SHA512
26d2b13ba96947786e53ae6c4b6df6352b66938d2d823fc87210c3d5f4077b3a9ec4ae40efb2bb1f4f62a7553eb8f3273b5592eb68564a2db0d6f8620c253c9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16361a3ecac2124a0ae2a6eb9b63b3a5

SHA1
85e1eda9d1bc8a5fe3cc0fc23947f6bdfbbdac20

SHA256
a3d736899c46bedef852c68bf2a61e7ad26f6cf4db96e48192605760155caed8

SHA512
dca5884da56ff44c8f9348980a841675f936a98d851a23b44614242c4a440c0a66cdc5aa3225607a2fa3630b993717e854622d467975993d8a24a56a2135e73c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf3afdba4e4439e3906ea39675ca0a62

SHA1
dd5c9f0f6e87dc9329c7f10ff99a65f72ee83a36

SHA256
e44ecc73b78a8473c42813d59a8582f7955783ea0f14ae6dc9514f30b1c826f1

SHA512
47044b2ef0c6511ab06659321934fc831cebf2875515ee86e66e11831ae915407526a8b565ec06fd913662262d4edcfa469a49607cfaeab96079d4e5ca668cef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d432f505408d9be213e56d15a2e279f

SHA1
e4897ca68ea46e5f79a6eba3ea61687276bfe5d9

SHA256
37ae1021e0254e22b6fb3279e667e5bb6488a4397ac084af34a43c5450bd7090

SHA512
d7e912b5c1e5f63efbaf582c39ea3a56d39d2e8cace684ba7804463163f7b649525983b54463bbd7abb4611cf4d203f4ea8f73a2f3bcb4ae8cef17895378e259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b20bde32ca5699279e063ebc9ea523f

SHA1
7c9ec3f2c4389e447db23ca3924074d88e1400ec

SHA256
faa83043ba757906365abb0d3520f3ce2fecd7baca61b09467139ccf79c5a3d4

SHA512
8940909e5d7a655fd33f453af5c24074febc04bbb400511c7086f27c752ead30bf2b060c8d9985b787718ddf34176c2b34d6f0bf11d3b93dcdca251ad7e9527f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
be26a9530b35e45f7fab0cf723c8e1d3

SHA1
2b0c8e03ae9c9d34882b87033f9a33e771f6b1f5

SHA256
d208e1d51878ef29c36e8b67f5d7fdcee157608d3151c36df77244998343a17e

SHA512
0d26ac7ede07c808732daf2f0a3e59e30b3716267b9ff6d717c7825515c8a4690c302afaf32e6115d5717f9abc8400b65a6bf12d4104bc017abfa546a02bf985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

Filesize
3KB

MD5
322cd597fb4bee7e3d41b874b3b470ee

SHA1
0f63f3d924fa9569f89456d18d26073370d505d9

SHA256
2bb6819633e747ca3733ca8170acf6b1f84c03a18c2d1312c6edebd8efee3045

SHA512
0a24aabc54dd669743ab1d23596c917b4ea36dd991dffa5558cc750a9189229c9d6935ec4df2da0ad20609b508886dab27dcc47a3cea7a706522154396bb535d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\f[1].txt

Filesize
186KB

MD5
0cb19cc581aae77f9fd1e554ec2cf5fd

SHA1
5dc9d6d12830eb571e8df88c98abc8c7d0bebb32

SHA256
8b95cfdd1e8a761d200e861bbd792ffb1cc8c841b4e6e89d7ad9d6c2927d45ec

SHA512
079249b370ce4e6582f36b1af0cb0e5b71a286063e1448d194cc20b0c3bfb533fa208d97f51a55441db3ffc0f88fb00d1153154efc47d9abcda1759f21d15547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C9D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso476.tmp\ioSpecial.ini

Filesize
695B

MD5
efc3deb303122b9455f0399e7bab9d1d

SHA1
6b2f799a802869b29084c39cde21ccce082c6cff

SHA256
a8397fdcea7be8429a6714ae5425f46b105da2a2732ced138e49dee36d7c519a

SHA512
bb57b527ed0730670ea0826de4aee4e3ad43b92a35a7e2a396ca398a4ad46f2e7c058bc8c623ca0ba668e1746006c23d234d8a14a9fe33a8c94af9c0c8c49a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso476.tmp\ioSpecial.ini

Filesize
708B

MD5
320869f0a0f46c96944cb1725b1f2dda

SHA1
162941b5859d823dffc992a4c806db104f9c394b

SHA256
326717662c090e01ac07194c8a06a4c021c0a63867f7d2af4d45eb2ad2962fcf

SHA512
84bcf30368ecabd001961e5690cb170c7fb903abd6927a6af773fe92035fb5df771eaa8c23396b7108eaf947f33e4a45b5cb6e010452a28ea8bedfbf08c243e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso476.tmp\ioSpecial.ini

Filesize
725B

MD5
b27bfb9c716f1477a009ee5617ac9bfa

SHA1
d06b6a65a29ec97aa9a014c79ab3afe461c78a1b

SHA256
abf70f506721e7760f382d0b01f163e6108e7a1c31cda39b128a9aae8c36ee2a

SHA512
48532f4922a62977696e3e8e318f9764e7eb1896200680840bcfcc1d35a2fe6848e8ab17559db0dd93f34e375eaf9789932f6d4706ffd770231cfd59410b8d2e

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nso476.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nso476.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nso476.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nso476.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2276-232-0x0000000001F60000-0x0000000001F62000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads