Analysis
-
max time kernel
65s -
max time network
58s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
30-08-2024 21:36
General
-
Target
XMouseButtonControlSetup.2.20.5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 9 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5a940adb52adddf011c680dcb6066aae2
SHA18c0ce08e9348351b87bb19ae09359b9bd8cc64ca
SHA256ba73ef2643ab5d6bc7a2584be195a469f55940f9dcfca4a1df2043effb7820a9
SHA512e8c1870009158010841200af789faf0caa5ee1ba4a6772dcb2083cf0edbc9d1c5475c6ba2e94f247069c6b3ee36f84029a8d23ec16fc4a2496607b020c155b88
-
Filesize
342B
MD5501f9060df70ad8af37c08549a66809f
SHA1ef9985bd9338f6cbfee4406d5afce5e2087fc0b5
SHA25611a2a4aee9ba82301fce358d1dff1db4f87c787fe7eec8aa75283b5a961def13
SHA512a6036e68116f71819920a8a826381ef1f8133ef7eacb8aeeeb754d4b9c2247c3ff2b4d7d039d82c5b3d99ba72fb9ff51df38fe80ee8a1916b967d0d7ff33a7d2
-
Filesize
342B
MD5e5867a2c0178fd16da0f49785767af9f
SHA1e788a1e1fa3d428076fa4c2a1de3c618f78d6841
SHA2565dc555dfc7484efd905649aa1d394c20e25de0c6ed4b2c0089cba36a1fad2060
SHA512f219252a07d4cc8c1fffdf60e836bcb6a02ed3880bec7fcbd786d406505b71ddca49d2dde93d789d705fc427573e319a1943d680231f67f81ff2e83158f8d115
-
Filesize
342B
MD5decb0d8e3f3023a6dea2458ebcff92e8
SHA189635a8cb98cc21ce48470009b6ad2a98f4b29da
SHA256dc2fefb914a139cec0bd366443d60ee595b1eb13d54e05da39a1b6094c862bfb
SHA5121e3b8cf26ede2b919e8cb02c8153fe94c46e8e4bdb10ef7ed9c8460f51f469ff99fe43363efa84246b17a0fe53138a9acd1c9a512532613f39470b751a16769b
-
Filesize
342B
MD536237b2e8639d53813c838c99b5ba70d
SHA1e6f72859b371de3dd9bf9407bddd7dcf44bd6aa0
SHA256c0ef2ed95f96c6440459c99162b8c4c792ebf75ace4415056ad355da2eb6d6ea
SHA512e506e4c0d1b510a7750a5cabf8cd082bc1784e6d5cc53c37bc88612656d837259789d1aa03ce72a0ac232813ab36f078c5cfc86a0e309d58ee6bd68162b077ee
-
Filesize
342B
MD5082884a056c2d3d5bf6a9cf33e6f8735
SHA1cf62fc682ecaa297cabdbcc9b8a39851b64c1d18
SHA256cbaa3da771e17f5087efc7742db879098bbe877fb57773d358de75920e6e99e8
SHA51211fa9d45a7bf1f1e137180141d6509f49a6426541dd7b0423f56e384744b72c2b8a3671571db0a3bf8d1ffcfc791399ddbacfa7d96d3a8ed1121e235eb49b4af
-
Filesize
342B
MD5a199da83f613b0c61aa674e54ddd61fa
SHA107d3705b1af7a8d6abf0053f8cfb8dad23956bfe
SHA2567cb2cfa97993809d4d950a77882c17acf35f4d1c328b5528656a08febe0e4494
SHA5122ea832004db49c92e746adf08dd3f0fc3097a3be0f1fd8cb8328d4f116fdd8e7c8d79e3e64b19dd5c6daa1da81f955356d2b6be16059e907fa8f44fd6f5016da
-
Filesize
342B
MD56065209f09bb7785c34b3c3041e3cab0
SHA1e19a0bcd92e4fe1511e9cec850098730958fe8c8
SHA2560e82e314ac7946ee0aa01b32c23ed0fb6a353baf3194cb3b7f42aa45b238c6ee
SHA512e9ef644eca6c286852807ef2cd3705f3a346d0232c2f54d8841a5bc0629f15cc0266a39bbf8b82461bf2947244c65547bfae905345049331e9691401deb5038e
-
Filesize
342B
MD56a38da6cb12c9933d94f8aa377b7cd08
SHA11d402dff6aa3d6b827064e6e3ac618f4b9467a47
SHA256874529ab937105a0f6442d3b4c6bdb1254214588bfa147ed81f96c6c9c3d764f
SHA512df5b71c94f3e9e2d8256df47d0ce242beab57630d1dff2d301ef420cefad09d6b055c46cf507d0da88940739a37d78f8112a14f0cf7700da573fa8300ca33a6a
-
Filesize
342B
MD5e1f59ac242c4218538fe58f064fc767b
SHA1009523955e9bd2e80cf5d43335d43f93b80f1dc5
SHA256cc95733c38eacac60ab1c5e114d03b8014b64b588c08cb67bbeda4ebb94d749a
SHA51266b2655a42e9595ece47f7987df5dd7bb0630a5f7baa09da2bd5d1987742b5fbddefd0dfcdb9b373390a9bc0255e8f5a339511054f0d6f4ade2cc9d73b01ce13
-
Filesize
342B
MD5d4d6fad8a57e988ba31b94bf4d32e5ae
SHA18580d6501065fc1079358bb6768530e503950240
SHA256e1dd7951b753a5742a9ffebb606a12ceaf07e0965d47e5710eeef67a42b3a45c
SHA51202ba72f76ac780a6f3f78d1399bbd0f8c4641cf60599e1b0297c5b7776c341e542e3530f00fd16ddf2ba01f99e63659addda5fc19e08a48b6852c0b39ba608cf
-
Filesize
342B
MD52f00858b8ec6339965955be00f8ea931
SHA120e6bfa5f029049f5c47f61238499bd7b53fd77d
SHA2563606ec90815c9405f3ba1b56b1f3024f445e88d3e33988e7695d329efb110f40
SHA512494241b2154652cc3a194c808115742ea3f54236b7eb250e740874f527c72e04d94ad20cf68ee0bdefdec465365f1a6065d748f8276bd75402b4e62db6f32533
-
Filesize
3KB
MD592497387bcd137cf4794b0f1886be751
SHA185dea1df25036ef9d59ee7d14c18ac10d87dca15
SHA25678ff8c22de3d42830421c9284a7c022a6e339ab5a1530082c9cba35a3164f0fb
SHA512c62f66593eabb2ecb4bfd8472d063ecbccada99a914cea8fbc65e3e9aabc58804fc4756c93ac820c8b3802e77c3ca99a8566e6c179344f60bf93e70b99c4709b
-
Filesize
182KB
MD5eeda0ea09c8148641d313fdd41ef2e98
SHA1f718557b4a6b2eca8525b32bc81f92eb782ee740
SHA25671403feba18e63d1c649e0f6d617f7c99631bc5bbcbca0c23eae33aa6b15013b
SHA5124e2d11f4ad1a7fd7b511a9d70d60e107897b201e29dfe8da0eff990ecaaa3f463563bd2158a3c4b3ce7fb3f68e49385afeb22c1b24d98143ba77c760cf310638
-
Filesize
573B
MD571e594bd797a44d12462aa929c67ffd0
SHA10573fde1477a6ff87096c7f0119d40440b7f787e
SHA25695f339e7abe30b1da13e52bca950ca2fd10fa121813e46cbec819211d4c5cb4f
SHA51216227be53b153b6f959b704b5ed85f74a6e55235a6f4d6a19b051b71eab72ce3ba1332fe4c586d73cce9a0f0c03c898281c3ba4a7e8a32e9bf884518510b7241
-
Filesize
247B
MD50b7e4c7e3b22844f2fedf8a311edc7b2
SHA1848a47c65e7e47138942dab1011bfa21ec7ad061
SHA256cadeaf5438902018f0b5ef13ff8a4ddff583aeae97cb1f93a2c8cf25e52a9f60
SHA5125b870188559fbbf6810e0e0b1322a6056752839fe370d5aba325c35d698dbeb783a4a3b4fd2207a9641268360bbef353f2099e317c6e87f72bb41a97030e81b3
-
Filesize
199B
MD542ccbc40045756f663f678cc6e9572ea
SHA18a44494e76aecb48b989d41f3428e1a03a4458c9
SHA256336bdfb1fd116707ced4c74d3bfa8f7c8d59cddab748dc228f8178c326d23065
SHA512cc0251fcbdbb42c528e7d1b160bc230e0c48ef0ee10458f817b20a76783a4e1c0010e4a88b53a8294b8a53b0fe6728b6a309517a69a9bed3f3cc0555a29ff337
-
Filesize
200B
MD5d779f77e22daacc85dbe7e5e8c1d0a35
SHA1255f20010093cc1147c966189e43d9448cc04b3f
SHA256d5b6ef2507f5d66e5345b94988001eeb65789c8b910b021f02f27d1b129b60b1
SHA51217ef854a99e98ea50aaa741ad157016c199f44b376ba40fc044c7f1466fd947089369cf7d8e8925e778cc7d9635a456a2a15029be395aa6d5a65595c55e8dada
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
709B
MD5fdcca8a176713b45e59b6aee3bf6da33
SHA1da854a0a03243c53a7acd216c0eb0176c33e6e0c
SHA256fce9b7d3e9da11c81098cf6531da9e7459c291237450932b0b04fb4ae6732ea5
SHA5120c412219759bbbaa9a301474df9ebf478ef78683652d189d387f4cef11f1bc446dd1460f9d15c44aedc5662c6db0fa239466629f05d69fc108661b4f99f8cc28
-
Filesize
726B
MD5793879af1aab5afb064ce9a29bcae958
SHA1bbf11eb803b6a54be5308030b44772b94be879b0
SHA2564dde92bb9cc9e6ad0dd077f926b7b3adcaa15fb9a019552c0f1882dd2fac86e4
SHA512879e6c319b5bea0193d965a2aeacfc7f73e25a3df7cb8a68d2dfeabb95d7b09f1f7d83a4a5642009cfe53bccde7689ac6e08e4305193cabd98c7754bdf026055
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB