ea61e59c58d8a80829c6ad565d292d716280d926e7bb1439cb0268a66264941c

Resubmissions

04-08-2024 17:05

240804-vlttaazgkl 3

04-08-2024 17:02

240804-vj61tszfqq 3

04-08-2024 17:01

240804-vjteqszfpp 3

04-08-2024 16:57

240804-vghkfszeqq 3

Analysis

max time kernel
23s
max time network
23s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
04-08-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MouseJiggler.exe
Size

983KB
MD5

27164f23585f4f1e5f63212c39c5a2cf
SHA1

01cf73eac1b234c0cb1cb74ac1d7d9cf410c5b16
SHA256

1ce344ef37998f2d2bdd6abcb121a08ef17f02ccfdc601f2da9bef6d02b00f7e
SHA512

0b664fce3b180f45b25e989986893ec05a7ed549c054a1be83b9bb66ba7d05a14d19866c3cd77f8ec893dd6416c2d916b7e833edc5cc71f99fa0857a1609b886
SSDEEP

12288:MeLDpZQ29k9tT6YY4u0dgZHxF+Ix8/Bc0ZireYeCs/l+QWBWqO9dY95p:9DHp9ky4xg/UBc0MeYeCs/l+QGAdOT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
discovery

System Time Discovery
T1124

Processes:

iexplore.exe

pid process

536 iexplore.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

pid	process
536	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C8A9051-5283-11EF-A5A7-6AF53BBB81F8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

536 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

536 iexplore.exe
536 iexplore.exe
2688 IEXPLORE.EXE
2688 IEXPLORE.EXE
2688 IEXPLORE.EXE
2688 IEXPLORE.EXE

pid	process
536	iexplore.exe

pid	process
536	iexplore.exe
536	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

MouseJiggler.exeiexplore.exe

description	pid	process	target process
PID 644 wrote to memory of 536	644	MouseJiggler.exe	iexplore.exe
PID 644 wrote to memory of 536	644	MouseJiggler.exe	iexplore.exe
PID 644 wrote to memory of 536	644	MouseJiggler.exe	iexplore.exe
PID 536 wrote to memory of 2688	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 2688	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 2688	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 2688	536	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\MouseJiggler.exe
"C:\Users\Admin\AppData\Local\Temp\MouseJiggler.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:644

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=5.0.4&gui=true
2⤵
- System Time Discovery
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:2
3⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2688

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f8bb7031ad460614c4716fc92cd1fd12

SHA1
71a434e24fa9221e351ba6602ec6c7188a2641b7

SHA256
978b9818e1021165516fecf5501ab1faea8de10705dba87188238b90605b6de8

SHA512
18bc0c9bbca172bf968f5467d86026a26cc61256b1a0804ca352c9d913197e9bf8adc01d2cb3b0fd8accb84065cc379e7496d80ca2b873a83fc76f0d32db9335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
edeaca6dc07a5e0e43c90833bf00d31e

SHA1
86b5c979604325516fdee6491e4a8989e2b341eb

SHA256
ce52809ca9759a5f00d8fd06c81efd64235ba31ee5ade26ef8ef64046a76ae27

SHA512
e2fec6880bd7080a71833cab0593ace219092ef85295212101efdab7a9d7d6a658f16967c54da5fbe193ab02e2922c6aa35d1744ebc696c0b60a105bdd4a4773

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
40c0fea1b8568e0a3d821d17f694954f

SHA1
6580370abcf63c8968fc9637929b6ee72f43866a

SHA256
690a1b925ac14250cb1113a0867fb31e36c3d3aa280f6fb5eba5f26d4be54d0f

SHA512
c8b5847de49c711e4d291bbd60fde09098623ba4779e35677675d31a71d499d86cfafaf9602e09b6a25adbce38c63094916965392f33688348438a5518e91415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3cfb2b016a45ac71414d7c33b5f89740

SHA1
86d346abb1c16d94e7bc28a279acc58442cf84ef

SHA256
964262993fe545c4bbe25aad4d718e12ed8b784e143cba3aa78aa1f2cffc8106

SHA512
0c24a82d55c1205296c853fe72bec21c144611ea38f411455289ca81ed0769b088da11abadd5a49f7761fcaff90063c1a539f5615a7542c66e6cf0e94759793f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c89520d53d0b527a8da6bc692e2a8294

SHA1
a97acd387e322cb4c440586d7a2007fcee2ee2dd

SHA256
d6b1fb4402d3c133a25c1624252d86cc757f737ca90a7c3eb635fb2072ea4731

SHA512
5b37dcd82835fc5bd3302a22ed53b4d5ac04b80a3080cca8e09404662de9d2c1d878bcd45998a7303de3e9066fc0e1aebc53c0abdb15225539bca69cb862f41d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3b85e75112ea564c6f55e8f089de50dd

SHA1
0b2121b2a20e60305859a1d3d748e206099ad564

SHA256
70f744e24d6ed6ae3b00d26ef432713f160cf512e6690f62b226ab03fbddf4f4

SHA512
5a9e679f97f464849f8095d44be21bc5ff5a0c7b656aec2567175a9f856345a0ad1e5b7fb9213caf5c3b9db07893c1963938542fed20bd02037eea9f0ba6b1cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f76af39a690ac7d799401ecb965a3d7a

SHA1
3287c5a9359674db6c6a29c2aef6edd461135359

SHA256
5f2cf3f207c8cb6fdf83cead54b38d1008add9c7e009e1d45c4355784d135854

SHA512
cdea8e9a17d60f09e6c34074e1ee7c5d9518c3e97c7364a1e367bb9ecf3aa30c3bf70c812bf96f972bd9042acef4bb604e27b260c3c8dab87fe142cf989b6b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d313a23ad837dab28e35c1b351be4639

SHA1
67f51a979b54dc8aec0e69da76ad3c5cbf4a85a1

SHA256
d48315e910f4326408c48cb9583c6424971942c9e2aa3c1ebc79e64ec9ac4dea

SHA512
951dcccce723aed443f7b6fe5bdc5c40c07546af2054a9c142aa5c05ece20ccdaba79640f01f7d39e36714db8817a19cea22b2edb19d2fcf3d8a145e30f852ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
9334b29d44c73522732362036041575b

SHA1
c917ca877afbe3905e646d6b74878a9dd311fde2

SHA256
5b6a0eb8488842c67e19894d52a36bbfe98039dd0f3b1d3a255451c594512c94

SHA512
4f30487838f50fea765a37e2572e3bf3685650e77533c4242fc6a945e006cfb06c4a3d3791719b8b383e921219c081287d1649f9026ed454fae43c099e8653ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2504c4e90a325c1389a414a630e74d0a

SHA1
691731655c2cb52f7f7860172a1e1c0670a74168

SHA256
28f6c388a62540a87479f8efe43090b34459912819dcafde8ef2a95f516c24c0

SHA512
a3cce09f61d32b822fdabd8cf9e6c05699bae48e40a7e7e3c1a6906a1de42ed90e93e8e82f07b1d2cde294e42cab864e2d038afac98f0d042c1db712feb5a4c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b3f5cd40d1906e7d79e9b6233fa3d3e7

SHA1
714a4a2b2d129d519c471ce29341b362634695f3

SHA256
52ab5b125f57be70263633085f862b048e53b89fe6ea242019c2d155dff70a67

SHA512
2e835299a024928ec9586f7962804a0931d5e93dfc7d173442372be8a06e9e4ef41734204d40923a921bda39dff05598f054be6a076aec2583645d6a05b6d2d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
16efb3b51fa839763b18fb4e9d270129

SHA1
cceaae3416c3cb4a18d622faf4adaafaa2aece94

SHA256
99bf3f711103d4ec19223207d0c1da8c4b20744802ba544f09180c2854806f5d

SHA512
d9595b8138c1b033e07cf0eb2786335e51958199fcd5d32a1769da7acdf4d2e02cec1beba060a32cb7258aaa2851bbcc53bfb0b90527401deed3f74d033287eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6f3b5ab426a4fd153f6111a36116ba0f

SHA1
fba5a5212325d3418ffe473734e9a94c5ebb1e15

SHA256
f7fefb93fd97b62ba22273bc90e1548ca1cf2e356fedab43aaade6dc435a0fe8

SHA512
2628aac6c0a6380711460b5d9d7777ffc739ce5a15cf40e6de29c5941911a2c58525b36a4a2b57435e635033e318c7ab3beed845186f07ca8ab69b6023b3fafc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bda6cb9c67deefb500714e82ccd574c0

SHA1
b6079ee749f6d03af2a7b9e6e06ae8e5b813730f

SHA256
10d9ad214b9f539ef1c2ca1b31ad372d917bbee0b9904a433479b77841e8ec40

SHA512
030302194728e7f4df34ab0f652bdf3b118d09bf40920c9797cb21353b8cf2eaa2ce2833f652be5999dadc124745332267808d52efc7c91364a03f1955468b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8E8.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar997.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit