Overview
overview
7Static
static
3XMouseButt....5.exe
windows7-x64
7XMouseButt....5.exe
windows10-2004-x64
7$PLUGINSDI...md.dll
windows7-x64
3$PLUGINSDI...md.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3BugTrapU-x64.dll
windows7-x64
1BugTrapU-x64.dll
windows10-2004-x64
1XMouseButt...ol.exe
windows7-x64
1XMouseButt...ol.exe
windows10-2004-x64
1XMouseButtonHook.dll
windows7-x64
1XMouseButtonHook.dll
windows10-2004-x64
1uninstaller.exe
windows7-x64
7uninstaller.exe
windows10-2004-x64
7$PLUGINSDI...md.dll
windows7-x64
3$PLUGINSDI...md.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analysis
-
max time kernel
131s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
06-09-2024 14:56
Static task
static1
Behavioral task
behavioral1
Sample
XMouseButtonControlSetup.2.20.5.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
XMouseButtonControlSetup.2.20.5.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
BugTrapU-x64.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral14
Sample
BugTrapU-x64.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
XMouseButtonControl.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
XMouseButtonControl.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
XMouseButtonHook.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
XMouseButtonHook.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
uninstaller.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral20
Sample
uninstaller.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
XMouseButtonHook.dll
-
Size
1.0MB
-
MD5
d62a4279ebba19c9bf0037d4f7cbf0bc
-
SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170
-
SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
-
SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
SSDEEP
24576:k9YEYaUkALnN57d2KiGiccvn+KAUxZswMPOML0MW:FhnrNtScc+KAAZ1MPOML0MW
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 rundll32.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4572 rundll32.exe 4572 rundll32.exe -
Suspicious use of AdjustPrivilegeToken 21 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 4572 rundll32.exe Token: SeSecurityPrivilege 4572 rundll32.exe Token: SeTakeOwnershipPrivilege 4572 rundll32.exe Token: SeLoadDriverPrivilege 4572 rundll32.exe Token: SeSystemProfilePrivilege 4572 rundll32.exe Token: SeSystemtimePrivilege 4572 rundll32.exe Token: SeProfSingleProcessPrivilege 4572 rundll32.exe Token: SeIncBasePriorityPrivilege 4572 rundll32.exe Token: SeCreatePagefilePrivilege 4572 rundll32.exe Token: SeBackupPrivilege 4572 rundll32.exe Token: SeRestorePrivilege 4572 rundll32.exe Token: SeShutdownPrivilege 4572 rundll32.exe Token: SeDebugPrivilege 4572 rundll32.exe Token: SeSystemEnvironmentPrivilege 4572 rundll32.exe Token: SeRemoteShutdownPrivilege 4572 rundll32.exe Token: SeUndockPrivilege 4572 rundll32.exe Token: SeManageVolumePrivilege 4572 rundll32.exe Token: 33 4572 rundll32.exe Token: 34 4572 rundll32.exe Token: 35 4572 rundll32.exe Token: 36 4572 rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\XMouseButtonHook.dll,#11⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4380,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4128 /prefetch:81⤵PID:1944