Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
05-09-2024 02:33
General
-
Target
0 Mouse Delay + Input Delay/XMouseButtonControlSetup.2.20.5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 9 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0 Mouse Delay + Input Delay\XMouseButtonControlSetup.2.20.5.exe"C:\Users\Admin\AppData\Local\Temp\0 Mouse Delay + Input Delay\XMouseButtonControlSetup.2.20.5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5fefb2ca1e5b530728d41848a1508e63d
SHA15e52b50ef244499fff1710bd54a1f3a2f21ce3c7
SHA256b1919ca1fc9e3525b14571b087cae396240d7f28739be250222ac6b8bd7ba3b4
SHA512fe3b6feb810d4e0af4396d2be5ecfc4d824a9fad19cac289c268e6fe642d0c5f08e1b9454e42ee714b01fcda19aa04fb773b437e10456dd840967c82a14f75bd
-
Filesize
342B
MD53667773659ee147ace72ed6411f5a5a8
SHA1f1c919cf8d8e00812cc1493d342450654fde1fbe
SHA2565b3dec90d3379238ac83bed11ae16c6fb18eccb77fc6834f93f88ad1a7cf7783
SHA5120b1a2fd016e746dc3de93a7694614da39dad4301a53bcef4977540484854871f246e2dd9c71cb44e9a57e60c625945e3a03a20f37f2a2ed50476852a9d124625
-
Filesize
342B
MD58a11145cbec31b612626a6df8905a46d
SHA1775236c692657725389628d5c93e1fc1141e26c7
SHA256b73d54ae8fd067d560e2410e6ee2486e3312eead02d7e8b8013412f4d261b5f4
SHA5126facf18019f55d8cbbaf30b093aa73744b7338014631344c2bf320de1825c4ff212c3a1b88af7fa8e29fb8eb4ab43b29ff05b7f3b4488d0caee599cfda23ced4
-
Filesize
342B
MD55d45f9d1dcd6a279711bddaa29032344
SHA1f27d5daa0156d60ffb437c7d83113faaa998069d
SHA256fb0037bce5aa0c7aed2168992c8985ca91960533a263c82819c5891823e28174
SHA512f5770e93dcbe7bd4611fe16281f86a53e06b84b2c51ed4dd794245b979b0813bd68c08f9e75760c56fd25f6854a92689a64503b96bd1900627bc41b068b9df5a
-
Filesize
342B
MD547c9fbcfad3196c9209529d5a9c69e4e
SHA1f015c7f5bedb991af5597ec39dbfab1afd0d81d2
SHA256a75407605d53ff391a58ae1dc7c13aa672e4a589062eab6ce86928ea76936cac
SHA512fd86f12ba19657b84c10d3620191c25bcb4b0fd842035674e3cc3b0115f7e5bd940cb64416e036e4280afc01199be7f488c32dd47f1762434aadc55a891b2342
-
Filesize
342B
MD54cac343d54c26106f0395d267f80e8fe
SHA1520e5d9a32c7772a3fbf2dd878860590adf48983
SHA256421beb6457f0265831255679f0f5f86190a8ac49e64d11f195b1baf5cec68012
SHA512a7fe387f56af897be8f1ede112bc246ee1459dc0abc3846cc6d57ef4ef955ed846b90d76752a2d184079113b759a6c7184c4ed6410bee3b9cb244e49419404a8
-
Filesize
342B
MD50e9786a1684d56a1ac786ea18e184227
SHA1839b8350c26e2116c823baf6d251e110732250bf
SHA256bc88c50905f95f58c4813910f686c75b191e692076b83c1f0f90f67398e5252b
SHA5128c40e4668b138a36fef17e9df30b8c82b40180ec06cd08333d682d4fa4de771bd2a8be97e84117d62bc0cb1754c98ddba1e437d7e75ba2af96ceabefa5f28904
-
Filesize
342B
MD5dbcc13166068ade063a60838a57b4fc7
SHA18980e167e553379000d20aa23f15a636c0f2f6b7
SHA256e05946a58d6d3f8bad7d6674791b4eaff9de922a7a730803d9880b6840de43c9
SHA51252339f4996b5a321a2492b38721bc38df4f5c66a8642e57f1d593492c4d57d8342ff6436684aab3e6ba3999b4b25fde891d246e6bec857ea2390239f6769f5ef
-
Filesize
342B
MD5054d363ff276eb0ef7814c4bf6b1d6b5
SHA1b02f085977dfcaa9685a709005e985f4d8e6e33b
SHA2567734ae7f865417f571246a504a09e9eb6fe40bfe2dff50fb4f32db3e7a5f1af1
SHA51260c56d5af62b9737a676019bb4b86c87c3abc1027f4eee2f694e218460c036fa22adb74ea6d18184b3b00539fbac313c3a0b5623af00b3a97f7903ca34fb2401
-
Filesize
342B
MD5c89ac8894d973a6dd33407c7afffcb3f
SHA1bceeef393ec56cafbe0a93f6ffba1bb392f18a36
SHA256eba5272b276e97382e4e8a4859f38d91eb61a937eb671f10f44d096c159207d5
SHA5125621f44616fa56143765ae70bf82adc46250c3bf5ae01b853ac0f352107e5ad4a11342462b87d2f21b83290462e80c2e4bf1fd5e9269f38d5c8802eeb84fc066
-
Filesize
342B
MD5fc9288c853619aaf04690f778b735e73
SHA1f6053446164480d184297128783bc82eea1e8a08
SHA2566db2f32ec7a80b30fcd0dda0d708341cb6adf8ab3de31434fd19cb1476ab7ce9
SHA512cec4ec32bcc9b77ea5cd2103b584a1bfa52c4a0c5cb90d9734864b4ac1717d5d23669d97b28ccae3709ab7d5b3488fb9fcdf00ec1083043bd8daaf98f139fba0
-
Filesize
342B
MD5f130491a75ca40f5a52e31579fade117
SHA14638c22ad995011166c44cf0d011bb5479a35ed7
SHA2564d966d26dde68888e398924466cf130c5e3fddbe5d51618197da5ec69e43d544
SHA512f8bc5494acc7d7c75a6540a90c658165cc028d3298b49c1e3993236a5c3bf1999d024a4cc3d7d9e7c0226b90228f4ce7ce899405ffcc2e293fa60505e4bce860
-
Filesize
342B
MD5ea567b1fbe7bd063d94c1fbbc37f8338
SHA1089d6f8f98d7152e6657cd87aa4ab91e511cc8fa
SHA2565c5205d986709780f28d05be0487e53cfdb405b665a671afdfe203628af68532
SHA512d2365471082f6ff8ffc86ae5dc0016a2a381f73e9ee646e6b46077b08cac9dc360cddc660e1b5c2a59aae53d8e5b8107aa767bfdb35ec894eef311ad7001f376
-
Filesize
342B
MD5c60bc73a32bf6e817c10c7daa23fbd0c
SHA15d33ac5f1ef0d5e81fe175fbb8e3c959d2161c95
SHA25651fe3800b79329ac6b520c328b5cbbcfdb93409e29c4a9b873cf0e8075ef9896
SHA512d1df878f48f65f31e1d4f8e864a7ec98b8656f42bf2bfe30a0b67ac6f61f74a5f0952fd3118234148ab91de110b65ab5cc2b08a10a826f6e0229d2c4e24188b9
-
Filesize
342B
MD5380d111648dc1879ce1d50ddb0ff2392
SHA1da94a38c1b7b0f33b03db0570e10ee60bec45948
SHA256b54288947ba7dd6c238fa1089a21bc39636b353d7aebb69aa468ec057c0a3d85
SHA51203b134187de05577626cdd21f963ab20c1ab7472bb5e3eb933424c1a5a079a555af7e468056d91238d607d8089571c12d25ab06b9004ce7fb2427df2c6366b32
-
Filesize
342B
MD5d07f2ccf09f0f805ecd5938746bb621f
SHA1d715def1ff5a3b53a8242a5374e57944b297d4b2
SHA256671a9ae0e8f3637a132a3bda7f88c3e54bbf53b167fc31deea085147938c9a68
SHA512a1c89a5b2ecf13762c283db8b3ee7ff27e1c4ebb897e6e3a9c4faa16c8d8d6257cc30d08ce38aae7fa5c65dd68b3e9aaaeeafb607416ce42f1faa81f783b2098
-
Filesize
342B
MD55309e8ea223659e58e8ae93435212bda
SHA113ce09f11538953f5f46efe4c56249a69cc0b93c
SHA25669eb46a70595290aacf3f5e3e2278bcec50908aa5058330cbf6a48858e3bd137
SHA512c09c1e71bd4308194157179f207fde7edc4629668ffcd63fb299964ec0a7a1d6251ebbddc985fc37c1a49cf926ae5262a8e4d4bd063a6fbdf05e8ad475c20197
-
Filesize
342B
MD55a7d1b0b6eb90b0550e4ad9fe3754d54
SHA1f4d353bbbc2aa2089de9206f18e57f5c9360dc7c
SHA2561bc3e9ab4cb05767167067def2d6e37ab13edf61626bd6fd7f0976fb10f3099d
SHA512c1b903d3bba2a7665770164331464bbdb5045d6325f2ba41c4376f0a425950671c77bc71d9152c5cda42adf4026cb50b6781cc2ec4e01477277733dead57ae65
-
Filesize
342B
MD52f8b747f34db8a63da23be4142a7cda7
SHA1ebb137c7fbb4ec470b4e6329abae92734f6df7be
SHA2565f69dd640bd7ffb677c7b52d09bc2758b4b07c9179706c011edd90c2aac9e1cf
SHA512ca1ce4afba33e9715166f98e6643af7101f02bfa8f160b02c5896e5404d6b23bf883a66c17e807d0f00ebefd5c3654f3201df182600cbd1ae824cc50d19510f0
-
Filesize
342B
MD5328559915980c5ff01cacd5ff4e07816
SHA129f995386ad609ace586c3f97b43b642314c154a
SHA25610db6ac514a2e0483914421c7697252963d33c473f7fdac4df5c540f0a7c6c91
SHA512da42bd12877307a1d01713a3fae928119d740a957c6c5b58539e8d2f6e72263b7c014cb2260825ffb244258adc65bcdd06d9a561d8f9fdf25f63c25a0f1a3b9a
-
Filesize
342B
MD5fffd20da292ff2d2b39906f07a0dbd66
SHA1ddc2e0efe99bf2559b34217a9b8370009367417e
SHA2567d8d5bdfda218e7f51e4d4efcaea85155ac977125bb01c6ddb4ce5a735af800b
SHA51264331ef1621e81812297de25f270ec76f337250d05a6787a82f8ae1f031f3e0e78de65e9b2f570d7d9c0ae9dad06d7ae07b8de7a202f75cadae1318d587c8ba6
-
Filesize
342B
MD5c549865ae9c22bded4f27d9a0d45f370
SHA13d44675d8585ec92ada4dda5c224c38e87515a08
SHA25656442532587738298fd10518ba745c5fdf476bed221278a20488c51c07970492
SHA512e476dd1f65e80c0757db9129b72c96bf53a5d53b64b09dd71acf9c95c568008fb1b19cbc3298c843efee3a4cdd221f1648c8ea9285cdd002406b86ba8501977b
-
Filesize
3KB
MD532cde597bbf291b97cd9e7fe35ce683b
SHA183605e647eb5423a6d9887615aff8bcb3964132f
SHA256c6b8abca87eacecfa5b95e1ae8e4e93f7031cfac25cf797c852acc65dc9149db
SHA5122affedbb1e4eda66c173bf604c04138e1494198f2320cb854b486c3c5880d144835aff372cc198ac5c61893127cea172e337cbda5b50e7c61102e2e015014a76
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
182KB
MD5affb347d3de97949d1e7e0d6b87d5c83
SHA1ee501d0a15f3128b920048709ea8bff434592f56
SHA25688f92cb08369cd77354987c430e1f37c8a3747235032e88a7125b036987179d4
SHA512e507bbd22e8dae53db9c425e9ed2e0a31ecda56104939589cabfb6d310fa136a06d0395cd71d3e2d09599fc89055a4aaac335eb50223e146fd67481cdef3bd74
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
765B
MD545e7f29460aa7a91b74662d00312f640
SHA12ef010f96d17eb405800ce99a9506d8b5bcf799a
SHA2568338a5cc5bd8aa1f0b17ccee29e1b64c74b9b54859bcb033fad0ad76f6f21778
SHA512389b70403bbdd24e7d7f4eb94584c6fd79e9d0bed74cb52ff3b7c8e3da8ed561a863b836e8b866c2863d9e12d6f2b712e26bf0dc448586f8e5ed2b7428f8446c
-
Filesize
696B
MD5a7199940bb049320464cb5c52956a0cf
SHA1c97f2d3968630b1e20ed855bc922634659fb14a6
SHA256e38a789de37a60c56b8229fa33d79073cac258b9a0021225c2f36654fcb752da
SHA51220810eac1cce7809ea72737622c1fecbfbd4a496ac566296968b878c57d00f2e1feaa1c16e60c324ff38a428cacc4eb633f36b6a22d60ff83a03788ea94994a0
-
Filesize
709B
MD5fc1a9140d44e4a326fd7f833927819cb
SHA1c812497623cd0d36074ac75d9f66038ebd920ad7
SHA256b76e92d0f7673730d0880b9dc8ba2a8033274d4c8123acb0a13a31e055a9e5b6
SHA5124d83f112c303f898410b828ed77b50f74103d375c2b1211536d50ab73b72b62ce9525d470d65b6041daeb58c9a50242d8cd0d9c887b156fd4cfb37838ffce7e6
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB