Analysis
-
max time kernel
33s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06-09-2024 14:56
General
-
Target
XMouseButtonControlSetup.2.20.5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 9 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
959B
MD5d5e98140c51869fc462c8975620faa78
SHA107e032e020b72c3f192f0628a2593a19a70f069e
SHA2565c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e
SHA5129bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105
-
Filesize
192B
MD519a7fac68845c5d829ab93579e65cd9c
SHA15b1bbf6c01f7b7524902d4542297b7ebf102e35a
SHA256428809f27c767d9c8d0c8cca95cb19c0373f207c0040d9eb3457a8ee3a55faa0
SHA512afe7124f8d4bc85cedbb1ba01501e6c52bb2d7c30cbfc2ebc7e9ce8da47961d982514d1475cf077aaff1f8d3c17ddfefcdc5a24071aab36271d1f9feb45e9e9b
-
Filesize
342B
MD5279900c8a1c4db62c3240655964bbe71
SHA10f3361de76e4b7a596bb344679f5370414df95b0
SHA256bc93510fff09b7d7e0df388239fbfc123290fe9387781c9e50ad737226162fcc
SHA5125837e58e165f067788f796bf52157158c98ba87381bc01be03e2f5623bd0c51a2d222bc511a1693e2c9c920ff4f09a1c08f350b17d44617d999f008331fbc7f9
-
Filesize
342B
MD5cb0ed62b5b407b0b1d45a2caa858f906
SHA18b1dafd7b083fa4727f8ddfdc879aa018cd7a960
SHA25606b1c11e130c9723adef00e7b97f2b3985bf96c524406e20891591c2ba8e9085
SHA51246a3b3075647188d3ed7fc4565007937c64c44beef0aa1d685720f20506eb1277e029074cfb070449e66aa737cf70b5411c4a5dce3b43baa4351ae10459c49dd
-
Filesize
342B
MD5a17cc9803a0efff7e2fd98a395d2d772
SHA1fcfa21870a495cd8390ab52593c86b912d4d77bd
SHA256a701a8a8b88248c1dafb0bced35b1b32118bef1951f296ef59367c26353d43ad
SHA512e8837e9041d4d447c3320b8234bae1d8f885627c7fe81622e78e574a74d5f40e0a7404407dfc9d169de0d4c62d400f667f0afc14a4c4ce2746e97d9d680e005a
-
Filesize
342B
MD5eb3e04c6fdd8470a3e7214405a44036c
SHA176f227db036a5e2fe208c610f0f6300bc6ab279e
SHA256147c860a0f8235dfcb21206c4b2f78fb43123780a1179b0438a2353556ea962c
SHA512eda9d3e8f54426d628cabf5d6aeb57a0d9f5c0433de66898d9d3fa2fe0e6a2b7b9cf8f5722c101d149d4b2252b51025c7fc57848b4c5fe4dc4efd3fc2bacde07
-
Filesize
342B
MD52271b6518100eea375642f8387067661
SHA1ca69f8820aba44d029bde6e969fe3ab35e9e93ba
SHA256191b70e15c65e0ec8d7a8968df5b4635cb46eeb536b19704f1b3ad4b04612b1d
SHA512186de7c85c592272594aee61aa0e8f0ceb6142afbcefe6dd80c8a84192241168114074ec460e42d2cb604baf47eb7502c44e8bd857870338fd5b596ff3e83832
-
Filesize
342B
MD5862a4c6d13106ec3d3d0e5bdac06883e
SHA12ef559d418a2ce7aa2e040b552a10dda7322c4df
SHA256cf266fc6f0b199c4ef5fd6d502691160f51e8f2aa7749c2781de379f01cc1360
SHA5127020024336dc760216b5d840f262923d1c7860d7a6c2f1b9774ef6d784c299159e07475c1b2b165a0cda3685d7391d626235436f295953710459b99ffd0df488
-
Filesize
342B
MD5fe3a26a55d4e67d9ced8256ee7d42953
SHA17e1553e0f58ea2945645801e15769cb74647208a
SHA256a339af775a1cb3e67a53191c8b740cefa89075d3fd10d0594b831debaa0d257c
SHA512683914dae694eceb91d2fab264448716ca33d46602dce4ac48a01150ea5c2af13200a36f2a7572395198ba40f06953882ec7f5feb95ac9622efc99c6ad289c50
-
Filesize
342B
MD5161110bddbc4f488b9b2ab1a1be63349
SHA100898d3a04b194d90f4b5d7f1f1ce670b63aa5e7
SHA256b777e831d709ac72f3ae6ce51e5b9c557fe130086eeee5174a5acb8880965de0
SHA5122f99a1c277c5895debaae3e2a54c40ce9baec6c87beadfe850a3b1de11fd02f316416dae4abdfcf5e505b204c84a4b55a06e4fa0d05fda000a0de094da33d21f
-
Filesize
342B
MD50699a738a6f95071f0063646ac4f9fee
SHA1591b447f99a6bd06d46555439c08fa9cff7e0266
SHA25635b509a2ae37ce4551a0182a3544ee10bbcfae1d38b39713548e6912da739db0
SHA5127b2c42c7e673abf8b884b2914d4908987ff4f254b665fc28421d526e6a5c661778d3241b4eade9f3c383e4d26d86d50f3fb3db26e2a2d81b8a221c2481dc673a
-
Filesize
342B
MD59ecf448e019c43f05297148d564ecaab
SHA1289038678c3a65af052352e7485b003f74ab80a6
SHA256e1b946ebc7b6326542801e3e3b12f267db6d937650319a9d997c45992d913c76
SHA512737d72d59ae69e8a16263c068d8bb69101018fcd2f761a5c0870baeb4de5c67ac474c0071505501026d2dfe06d505891497c37ba7057586dd6408ce6e25f1b47
-
Filesize
342B
MD57ba20a8670aaaa26ffc0c2120f885796
SHA16d2ce77bd25dbbb8ee17470951aa45d25ef6a659
SHA25630b658627a181ae92d5b6cd213ab44f51a51f8d52443d10aebae975016f9579d
SHA51203a1cd80cbf7e3c004e2a91fbba2accfae14acba7940317748d4acd9bfef20cc63b1cb61e0520eb495dcf4bc5b73a6a43397bc157f91ad8b1e5ac1ad7391e5e1
-
Filesize
3KB
MD5602edf4360f5e8c914b4c7eb5d169f8a
SHA1c41ba76f0c2997e6b4ee0996d14c796bcbb257ed
SHA256f1f3e45125b79abbc12f7bbfc419015bc1ce35809ce7b19711893e223ccccbd8
SHA512b8c65ffa76bfa4a8ccfbffcc1e3f8da73455f7a314e21dac3f86dd5ddf5943363841633d51824f701dd67a410bdbb57c69f28330b669c9c10a07a36c7f2a684a
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
181KB
MD5c09e7727f4c14cabe40a180e17f8552e
SHA1a273e89facfd64f981faee626405c4b14e1af2bb
SHA2567cf6af53ecbc1f6c2b91ea61a8f12b6c2aff1e895410167e1966a6fba45b76b5
SHA512615fa567f6ff200ad70775b0979ae5d932914505741d930ebd3090ff8bd56b57d02c7bdfa2238d36d8974c25cc76f881e1ec73dcad92615288dc2137ed26af5f
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
696B
MD5a404790bf12f25b3dcd6715ddf6239dd
SHA1beb2160720613ce9890ee32ca0d09d4ee883a142
SHA2560aec5bf66e5f536aeaaec0f35b9ee39cbaf2b6f472a4cd8f6e1483ca7bf432ef
SHA5124e9038e76aecc55eff78a584549756aeefa1fa8822384d7bd86c84db1af41a7093133e06d10e2e3386f850a36c02e77fd19475623fc84497705b6fd7a0092e06
-
Filesize
726B
MD57d967424519ab6279de91a906931d384
SHA1ceb7b418e88823cea82fa398ea9945ed89a62c53
SHA2569cfbc18f251b795a6014e35b85fae00f18317c680a18f1437ab2b2b4ffd28094
SHA512c5fdd7b937f94dbb2e3bc0b72497c2a0b37d14b48f1a88b8051f92212fa88adbb266e47ad19f4076ef8957fad1da62a447e71bd4f4c1bd588c50c500da3f7ed0
-
Filesize
709B
MD557d0e03c991dc6c27cf136dcc9e8cfa9
SHA10e3c0f1abdb498a1dc8d4e43dec5a178808f05db
SHA256eec91e24977d86cdd2fe17898178e3c60f32effcd8bd1719438bfb4ee37d2ff7
SHA5127bf40609ee3af779f2f889e88c1bcb9e618c273b25646b77319b41337b170e13ee419491ec490306f39289c2405135e51475da01797994ffe9c921bbcba367f8
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB