2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouse_Button_Control_V2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1180	Process not Found
2188	XMouseButtonControl.exe

Loads dropped DLL 9 IoCs

pid	Process
2416	XMouse_Button_Control_V2.20.5.exe
2416	XMouse_Button_Control_V2.20.5.exe
2416	XMouse_Button_Control_V2.20.5.exe
2416	XMouse_Button_Control_V2.20.5.exe
2416	XMouse_Button_Control_V2.20.5.exe
2416	XMouse_Button_Control_V2.20.5.exe
2416	XMouse_Button_Control_V2.20.5.exe
2188	XMouseButtonControl.exe
2188	XMouseButtonControl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouse_Button_Control_V2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouse_Button_Control_V2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouse_Button_Control_V2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouse_Button_Control_V2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XMouse_Button_Control_V2.20.5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016dd8-133.dat	nsis_installer_1
behavioral1/files/0x0006000000016dd8-133.dat	nsis_installer_2

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\Desktop	XMouse_Button_Control_V2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouse_Button_Control_V2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50F71D51-58F6-11EF-9A0C-EE33E2B06AA8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouse_Button_Control_V2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouse_Button_Control_V2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouse_Button_Control_V2.20.5.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1648	AUDIODG.EXE
Token: 33	1648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1648	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1528	iexplore.exe
2188	XMouseButtonControl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2188	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1528	iexplore.exe
1528	iexplore.exe
2188	XMouseButtonControl.exe
1684	IEXPLORE.EXE
1684	IEXPLORE.EXE
2188	XMouseButtonControl.exe
2188	XMouseButtonControl.exe
2188	XMouseButtonControl.exe
1684	IEXPLORE.EXE
1684	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 1684	1528	iexplore.exe	33
PID 1528 wrote to memory of 1684	1528	iexplore.exe	33
PID 1528 wrote to memory of 1684	1528	iexplore.exe	33
PID 1528 wrote to memory of 1684	1528	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
PID:2416

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1684

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70d5763ce0d1a3e55930a45fe2021723

SHA1
b801de4906bb354b78a16f6eb54a402d49033655

SHA256
d3317d875d22bbce3cdb3c5e0ca8c3f69bb27fea3556b824c3b22df36340d4d8

SHA512
36588a903f15601f63453422fb1f45b025002757e1cff8040d68869bc49da9a4f0195c47d04907e2c43a342d34ff46214d2c4857952016966c69ce02c8949a1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2819758a126b71a47398eba6ea32d32

SHA1
78985c82a6bcc50fd28b820ce07dccd3c5fe45b6

SHA256
78153a275a1a08ecfbebf4e31affc707111f6166cf3f3f0f1b8bf077f1cdd32c

SHA512
2714561a70c849dfa28792ea410d8e064e056fd8ff9171d852459bfaca367cd9f98c5c423221e8b48d377a919453ed0a53b08d441470b92f0fa4de2dc3f7b433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16DD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16FF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\ioSpecial.ini

Filesize
696B

MD5
38fff483cd80173c6ec291cdb9b4a9fd

SHA1
872f3a88ccc148d3d6b7466a8a28470f162c9794

SHA256
a02cc055312aa68372966cb1d0baba256bb004bbf539b1356444f1035d0e4b8e

SHA512
07e0c791bb0a3cf1d8251716861dbcd2d57f4ec3ad6f2bfe7d5435111bb23318705b1af14c681d0346d5296cf5112c0f80a8ba8939e8c00e9efdb75e039e4e38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\ioSpecial.ini

Filesize
709B

MD5
789e407eea140803c64d2e885f165b34

SHA1
c1d6a5ef59537a3d63d256c37f47d32a0863b37e

SHA256
6a7fe30459d8a17f7f2c91e130678f746c381abee5f7a10732d9eb7bd8933da0

SHA512
9b75a2eb2213f001a402446d88231dc915c3afc83b8d19b2658895196d9d00c99c8dea81853b267547900d5d9acd6ad282769cebe88a138471a77822436daee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\ioSpecial.ini

Filesize
726B

MD5
afe78490dd4412da8b4fbc86b37b2801

SHA1
a5a877bae2c6e79cee3a3e689d376c58bc315bbf

SHA256
d984b62a2b15429a255e3ddd95d65fb1dc329e810673b811a05c5993de951e55

SHA512
6b046b9f3ca8d5767948b33de10033e7085ffaabd90f6756027093686cca9ec16f5446bf0189c6d97a1b7d482a0c9f20a2f8ce364a5001d74a456281c599ba42

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\ioSpecial.ini

Filesize
765B

MD5
94dcdc2da67d49f20fefd8e96e67d6c5

SHA1
f78f00be1c8b85e68c25720e14d2a6c52ab91d29

SHA256
0dbb707bd46d2f102fc27df8870f2dac1473eb8f68dd5cb4903a71d0238d13de

SHA512
d331af0f39167feb30e8f7e7e76ba73470846316c69a140f14c6f5eed68f62282f9495667e8b089ca920066748b59b449cbee0cc78610e90984f812252ba5a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF771F385BFC668A4C.TMP

Filesize
16KB

MD5
13815b23388bd1f05b4da863799dd511

SHA1
9e832210f4213aec88e28edccb4de56440f52bdd

SHA256
afac01f6efbbfdadca4615467ee4345309ac1fbeb2a9ed33f3b395e307ac4483

SHA512
209a582ea615c14160afca69a67dceab9b58209c0a0072c1a20f6839107b7815bf7c3d1b2816d0922ccdd513a080dc5fe58ec8c44d71e9025e9dd21b4c8e4165

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsdC8BD.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2416-232-0x00000000020A0000-0x00000000020A2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads