Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
29s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
11/08/2024, 12:54
General
-
Target
XMouseButtonControlSetup.2.20.5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 12 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Control Panel
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
342B
MD50237d18d2c9ed416368c9339f8b0510f
SHA1d43d4cafd6857267ebff2d722bfd025fd4319d2f
SHA2562427c38e559f7e2a27ad719e0791dd624ddbe40ca06644b29a4fc3b1e9593979
SHA512268102bf92f7676a4a813e9876eb33848382dfd13d5669344873c0a9d5a6d171e055cfea1e1b0b2c8d1bd6b87ef34484eaef32f22351dd92e842cee1e288d57d
-
Filesize
342B
MD5b684bde2ce9b76a7129ad4e07dfc36ab
SHA1d4eb47dbdc8a3166648b01d2098dbedcf5660139
SHA256b500e22e16179d558f46d48d4d943c60cbd1fe26fef7e47d4f0b72fd490b6c56
SHA5121118445089f25fde1a324b8e10c89161efb586c9b46a3e18fceb81ffbe32bc7e0fceaee0f002044f75641b1df451ecbb9d3eaac559173237baaf23c1d04e9a22
-
Filesize
342B
MD51c32b20d3766c8919f50ef49f5b1a962
SHA12ccf64e09e4d9accbd7dfa26453b9ab680a9e25a
SHA256e0325de1dc2a1412ea682ffa00dba603cf644ccc1fb97a304b3e65f0be4e92c8
SHA5120420599742a556faaa5ac0872c25c92efc5eef7c48c1e275b12fd10b55bb4a1a69093ad10bbd55555ec845afafa71f8d0265c8cc1001e37328803643e870dc18
-
Filesize
342B
MD5c6517afad07f1a746ccf7e693a2009ff
SHA1365f04e7a38aa6b709e106497b1a55377dc8e25e
SHA2561d9fbaef0a359ad98d85d0959ef04123038ab7113227e4255f69fb40e0ebef61
SHA512af020ed6b245381ce15d1cc67baf7cded360dcac0f894159b0156dd34245e24d0cb54b8f17d5cdc5292c6e9b99a78bd800c59f0991791c4d92e0d9b5f48e99c0
-
Filesize
342B
MD508fe0b9827d6c22c80902f9753a42110
SHA1976a067dd5ea4ba9f02bfd6e7b7cb14c818fcb67
SHA2564130e8c38a7a7acc1a2b73607ea286079924f9d16ce181ca9f9fe27f8e83eb27
SHA51267379d7c775efedde482fb32b943cbd8d601e74bb1f48c66b61a36627c985e5f0e5ad519c11569fa46fd63314c4e37c9718481d0e9f46d028eb5a9c39d3fab3f
-
Filesize
342B
MD524222d899d0143c6c52754f303ba5abf
SHA1c9c6e644ae7c416725f0ca7b033d89bda60114ba
SHA256e830a0d6b38406c1e74f038f0ab86bae5baec235bdf0b7d964959da478cb6f3a
SHA51266166e44f216c5975c3a2589a68877cd758190b4678e411a41496d4c3cefb693110f2d102a5eab719b4fb700e7a99a069a1e6342d2c3211a937e5c69716da1df
-
Filesize
342B
MD526761546a584fa25110024392707570d
SHA1dcfa72b8572479faa56c84106c5b0804250a9e39
SHA2565a05688fb6e20ac9b9d9071c78a4570fd5a5620858347ef14f030f2d83e225b5
SHA512c096c9e09f22e6f5f78a6e6f037b9c9abe3c5337bd9ea88a96cebc672b1e4939030173191cb089d3afd72473cf7f8c2367f7be718632d66f59c8b6e3a30a20b0
-
Filesize
342B
MD525d7ed928dcf28f1eac161aeb6208f32
SHA1b2bbe69d5519a6a323503841afc637e51b79243d
SHA256b8a7ea3fc9fd2d0bae2e958fba2cfce78cc4e12546c71f40591b87eeacae4c64
SHA512ff37ae4191daee73c55ee7b10092ba8f9055b604afc28a426aaa542de2d0a3a53b7d39dd96c3613896e692a5f968c76ca8257e256394d528b1be5f5d16175a39
-
Filesize
342B
MD515c4b9f194f34dd397ec56df99ab1600
SHA1199603534f32f9a2f19dca5c62591a6e48bb764d
SHA2568efb130875c3cde6d9ac9da755751107b49d1ce2ba955c1d854262dd1fe43e32
SHA512e4b53c1e931af7f3e6ed1eb4d335da243d2a05d3e4c4f5156919dfd0a641032df5bd6bb0dbad14a1bfd337aa01443eb70e65c15be826bdd25339c2c589bf0572
-
Filesize
342B
MD541994cc78921a8aab0bf7594420b9997
SHA13a0218bedd1c42a01b109f7f774353e108409374
SHA2569dbcb7039ab373dc9904de4ab26a2783f4f159bd01e0798a33874fe7e9e8f076
SHA512d260fe845bda3212f6fb2e3acd510340106db9c314215af3fffba939e4373f3c0c9e1f1af7d00ea87413c11efaf7c0e9fabb1f336a6e259132ba300561dcaba6
-
Filesize
342B
MD5ee2f40578741272bb20e178dc183ebf6
SHA1619f8e98ee2d4c2557adb8979cc20211021d53c6
SHA256389a065279b69571738eb7fe93db715aec664e9bf711f07c2884aa421ce979b7
SHA512c62c11c8b7241b1364c56b5eafdaa5e9bce1e19c53b55e75dd2ee35728f180a5fd370b9832460ffe70467e6906a8ef952abbe990f318286e0e33c65affd61dda
-
Filesize
342B
MD518cc34d2d40c2c6d5af10d6e06b5e166
SHA17c8cdc39a3dfe683393ff8b127f182725407580a
SHA256ae2ed310a39735c5c0f97f0b4269d9e020d6f1febe415d2115d975425ff593e8
SHA512f0d284b0c7c2cd07420a81447a1e959a121e86e8ca8a88981d46ee19186e26ec732499c0086e43cefc211a6cc43d30b6a6b75a0fd0bb4acca0d99a0a42061c00
-
Filesize
342B
MD5f1e2eacac8292a4c9e3f856ed1818e2e
SHA1efe670f344ec2dd69664d913b55e17e5b0fbf17e
SHA2568a614c1af3b6a6daf596a3e95016e1744c365cf9552fb33296f71aaa233ea9ac
SHA512acc75a5ad2866e33c119e224fef573d874ff1ac91435b9570112b65d904620b47ff2c9c35350a4bbd87930785333c3bc0fa7c2dd7b9c6c695d77dc84bd05cb58
-
Filesize
342B
MD57e5113ebd1ed9ce21bb9bfa0aa160878
SHA1f184055ca82a89a33a445a109ab8bfa335af1061
SHA2560f3421f5b3b389b910b455c8ab7a57843dc1a3634d654d2af64c91347bad1d32
SHA5122f2512ed11172ba4b86bc030819abd6b75e505488686e5f9fefbe9805f7345c1be26abf0bb50121abac26fe4408c7fc1167f8588cb277a728e2e35205e20ebde
-
Filesize
3KB
MD50930058ca711b1b76900e94b1bd662d1
SHA16c836726613bdc881112acc3f0f96e02f252d8df
SHA25697db9a3ed78a391be6358462c7f76535f66057525713ad338c7ca4849ca8da90
SHA5125b90dd3baa4fd523b3a86bbb037206d0203912bd221209f0247171bfb8537817607a73d9d8ea92f4cbdd03543b664635ec8d7286cb6183636ab6f8395d548ee0
-
Filesize
185KB
MD5a7916b53a50a5db7a5c378db38da36e8
SHA1b55bd934cf670be8c8ed51c157112a79e7c33053
SHA25643dc7fc9ad8152258cb6c994e18ea99a1b0ab67cc18fbb7dd8ddf87f542b9c4c
SHA51282e4bf5f419586c74894fff823b732d896cb646058b927cfe6bcb9c79c4f6c336e1931874704d7481d44ff52f75d8449672e49a8c86adef72a720cfaaa17e589
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
696B
MD53098c1113f20b7f0d6aef77a79444e1c
SHA1cb9113ad1a89449ea809fe360dc6c7a45f8b8fbf
SHA25696bde51a02ec94b634b82573ac0f09a2a0800db3c384ea7adbe2acf08c494942
SHA5125a616ca07dc61d2c6b01f997acdb367fc69199993d0add80d347cc8f8e9f502594ba099110a45eba2d8f1b71edd3df04dd0d197127f519ce1f80fb4f994b6010
-
Filesize
709B
MD58341910361711f9f4396605a902865e7
SHA16645a3068eb0e193d892b8b5826854047e46dea0
SHA2567a30c492686672a02c40977796fe7306111cea84d9bdc6e9df7693c15059b954
SHA512f0bca7effedbb6e28e2ed0b59aca01e83eb03b6224521af7c90b8d16ec37b31b9a825ac769418dbece91bd36dfa31f7aa363e4901e46deae94acaa78c377e069
-
Filesize
726B
MD529d3a977d705a37e1fae1765e68d2c94
SHA1dfe7f324acaf1dd2f4e0f468001e29327699cabb
SHA256c81161291683d3419ad071ef2230c4fb86cd2103fe327392b14398372b439a0c
SHA512bb02aa0c299ffcc0fdcb35a911aa42bb52fadf1260ffd68e508437448da7f8a216ba08ce456d9934f0886bb593e7f3a6bc8750bb69e59c598e9c1aad6461da8b
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB