Analysis
-
max time kernel
70s -
max time network
70s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
26-08-2024 19:44
General
-
Target
x-mouse-button-control-2-20-5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 13 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2-20-5.exe"C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2-20-5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Control Panel
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\XMouseButtonControl.log2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
342B
MD5d9568dc86865544350b0e5b16725ce49
SHA1301a393ebab8ce1ff634652a978076e5dc9ef388
SHA256565e4c48286265f75369260509c5f54998ba117069a967a783a25989c6d771d3
SHA512cba3987eb1952c083ecf6402598f813cfb9268ff7484b1aa098695ba4904ece0fd071141c5ca04777a69af155f6f5fe2e834b5a4b79070b0221babbf3dae9882
-
Filesize
342B
MD52b5ab489127cab01600cfd23a38c84b3
SHA183da3fbdbe6ea89e7db07bf816583da5e535d1c9
SHA256be5b7ebe1996b8084a2e5e4c35cfe7127640e7e9b272ffee028d9099dd09d3aa
SHA512ada481610ecb2bae08fec1d4cdbf526703a6fc32b707c0945daf2403a61eae95f3c3d676dc1e2eb0a2280189cdfbaf47765edba3405c361054360bd846053528
-
Filesize
342B
MD50da323f653b717aee5638e3a2898db62
SHA17302599a197ea63501ff67a93ca920c68a7938cb
SHA256381cb15e4050304c1ebef73761f519baeb3921a387512a5063719a590e0d2726
SHA51277f427780990580ebc1e5a68e7e56e3c63b7bc22e403934eaaf5279018f49ce0f8287a4a49346def86c144d8bc91f466d6199573a6e34270448fcafb651f7dd4
-
Filesize
342B
MD5ae524c1fd5ccace94b8edd75fc6f5f2b
SHA14fd7ca4d08f36ed78afc9a4c7e86beaa682398e1
SHA256c9c0860945ae6db49fb5ecf60d33812103e2ab313f171ecb0852cee45d2c38a1
SHA512dc101d698374ca19616e70483f5f7b9260706354efcbeb2f645ded39de20f402061bb2500706aa91d3f55c72507c2a8fe7fd5e1c78e39efb001cbe7c2b4ef238
-
Filesize
342B
MD557252b18050695a56e9d4a60f363752e
SHA11b314194c2f12fa660e2e39150133e52740fa4c9
SHA256053c941bb0cf8ca1599dafd04fb1d4ce46f04e9e10d9ba59359d5ccd41ca848c
SHA5120345c24921f4ef4f64d7f07170655c96a92a8034cd1543a23d1af3378277c30731aea4958e031de07f864e700254cedc4619af3258e8076ecab37d1536c22d04
-
Filesize
342B
MD51347c09b16fc78c798521ed2a27e64cd
SHA1edfe045d9e820c09a5a086e5c0bbf966a1b33f97
SHA25617468e06e3e47bb40ac1d2fa48b61f5faa7a6c243acb3fd492000604b4da0476
SHA5121d8bf5e1195d9beb7b9d91c29640317630975bb385c4e183867f378ba278e9de35f6ed0996e8e4ecd55966585a50b15396ca279aab9aea24411b8d1c9b595c61
-
Filesize
342B
MD58a70c73d9ebc1c0daebbe21502e33a7d
SHA174241b01936ce9e9cb197e3d0ef6ecc2f66bf3e9
SHA256b60ce9ff79ed616513375a0ec6c15cde3a2fe7243f42ddc7e56beb28a5b1b52b
SHA512f3b92aae3fbb2bdcdd9460b0339c7752bad5c5fc6e3eb316aa615635aca3b670078442f1936f54d55839242e2602ca8ef97c134cbe0d16d101892594aedf1dad
-
Filesize
342B
MD5c76886c1fe1c9d0969382e425abdeff5
SHA1b91394738badb7305186ae82604ac32da6e91019
SHA256bb13243138809c28ccdb21005ae6bcc4b3f25e77ca8f2973d7d24a4e0490d52a
SHA512e82cdd8b2eb72193cd616462ed3ee8743b00e1655a531b56f0a1f5d7837b5dab60d94545aec086fabe079f9d5f59f617ce91ae4f56dc6d2b0373520524e008e9
-
Filesize
342B
MD52d218a60067ebc397be278b9c0fd8dfd
SHA18745ed5842e68d144a09943f872668db8d6f43eb
SHA256b9b1b7c03d3536509e56f3566aac47bf03c9dccec74cf4cb9237f9e7a49e56e8
SHA512ad23cba6ca5898d877ed332c864fb8479f8359de5ed8a8e0c471021400b60b4b7e74d5fa648a49c0213f3bb7c43528c081cb4afcb406928923d2d72ca3d9033e
-
Filesize
342B
MD5185217dac3e66d1f3f80f4466c6c330f
SHA18d6702f80909d656bdd6bb2bffd8b474cc3a3160
SHA256ac7663025420bc45fdc7e82b281f8a6e8577c004ccb1fb0b71fcc524b78dc239
SHA512a417eaa1db5922469b45e677d6a540b08fd02211c790b5c1911fc65019e719bad78e3fe080327c6cc343bd1e917f4b1f0edc2865f7a9787b8775ccec75f09f26
-
Filesize
342B
MD50bf4e867e5d3c50ec56b03ad25986eae
SHA1d15f8faae573dc8be89060573d912a5d9dfda989
SHA2561d5439fc5c123e74075af829fc54118b851ff725f51900d2486077628919d751
SHA5125d6baa189f63284e3b012f328dffa6819443535e2650947950148df5abc8461a566e0734ea2f0990ed87d644937047b79d4af29c70788a852f2e749988f6afe6
-
Filesize
342B
MD510745576dd2a1a42dfad07a9ff2ccfe1
SHA155cd73be8987bf928393b7abe350542375724e4d
SHA25698056864188969c31c9b854684b93a0277459a8a3277745f73fd12371b154142
SHA512296aaa5be81256ad7a5c7fc43d7a639e6018a515fc9f3764b7b5dfb6406340ef478da4aa9f64d670cc323ee5e01fdb35f4f805d420166ef25cec79b2f538b48b
-
Filesize
342B
MD527af66b68547cbeaeeb81d347ba3b166
SHA1bfab26b82270476f659c86ec3ae9aa2642bb3643
SHA25660a02321931ff8336478cd233b105085fa413ea5020827fb6f7a3949f3f4860c
SHA5128ab8d55a532eb25171e824e85dcb93f507cfe25690a817460fd44721bbc7d50ae296ede153fe7d34253bd17592721c1d9c7264f3e1e4289bdbc3bc464b029b4a
-
Filesize
3KB
MD56b9327dfd696e38398137a2ca1d45cbf
SHA113e4baba1591c864a1e153ca70b21a8d556ff77b
SHA2566e51e3c4e548bcda848c2e6fb3c0244fa09a5d26f99ed1879d700a3f7cf249fb
SHA512fc73dca0fa565cefcaa1af32895c1154df7c54b48b1fcc52330103d40eeba3027b7995c692f21ee4f0f51d45ac83b00c6bbf6784b76f5f6518650b0086b35971
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
181KB
MD55ff7b5e9970e8f19b12d4702e9bbbe06
SHA106d58869d4c2ff5a262744d636b1258290835797
SHA256d27705cd3ccb44422abfe84362d1e20a8e94fb37f08295c603ed05ae11dd980c
SHA5121f4993317bd0f386bbfdab24b45017f8d362cdd15fe4f7870025114f16c1bff3186912f565bdfa1800f46f885fd3437e2f1c0b741eb8931bb858104d81f0d31d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
696B
MD536f8240d28b4cbb29e7db1998ffb7a2c
SHA1983adacff19ad4ad58a0c7c2fa373fed9e22f550
SHA256ae013dee949999ad2874e7a8840726d9345b048ca6efedc4a0126eb9c9fe27fc
SHA51252def0276a72301960f3894054ad8153447d491c2b4844c3a18a6248234e348063c392aa7823098fb06d3379363f6342c107a3de54e0908c072e6bc7487c9ffe
-
Filesize
418B
MD59edfb8fff3667898e7b66ff2852ca59e
SHA18a397e2d2c4cc8469670aa65444332480c80c9e2
SHA256a522e00dc8a1e201b213c702962e2dc16d74a955d57d049068bcd0b926847ddd
SHA5129e48a8ccdff0c81e1fc1d6f423ece722a4c02b4c031604a0275e14ca8e65977f0562c91fbd8b12bcfaad8ac953720a326d38e2d86f1a1d8b45bfb17538e2227a
-
Filesize
709B
MD583ff4c6e7acdaf1e0be73c7e36856e1b
SHA1e7ea5926c198b16f626e1cfcf34f9cc508ff764e
SHA256a8cada5d143325bca9e538545bbb20cb49ae8868c16990b136f608682fa20f4e
SHA51271d3b62c5c6035bc6e39e7e87a91842b698e1d139e108ebb4701e28fbff8cce5e351de1fe656044ccca4d693ea44503dd2e87953cf16fcd0ee6e94f90aa8d749
-
Filesize
726B
MD5fdccbc7336655161ec930d2a7108629e
SHA11e21af96a215ddaa6b8a4e8cc7a69cd3edd0653c
SHA25637ba4b0d4e7abb6053090ea6da456ccc40b76ec201d2c45843166e309450550b
SHA512db5da960dc5ebb12e71440b9b476b946debf00c459265ee7497c1ee4f324b3d33ed7e66890b29b907c6e2b6183882e08547962a0a6b0b2b0e22506e176276584
-
Filesize
2KB
MD519b57f5c4517ebc995abcfddeffa2657
SHA154a224586b65a7450178dcc2568e0d801047ec0c
SHA256c90c50144a299232a1cf96e94af3ac30947bf8c0f37329b4ac6ed753bfc5dc24
SHA51279aed191431ad4967272e245d66d08432f1b2308583a0f0704abc0ae77ad2f7e308784d1174eda4e4796d8d41ac0c36c74dae189f448174182878bff01ff0f40
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB