Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/09/2024, 22:40
General
-
Target
XMouseButtonControlSetup.2.20.5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 14 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 41 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5796230b8dab52fd5637eb8c57a2aec81
SHA14b3c8387b768bd3ab7624db5fb23eeb617b7949b
SHA256e4e0c459f7fe6394a9c791aa8d568ad4eac34fb01959bd870b6c62e191a34358
SHA5128f2f339a3c027c5ffd89700c27f3838fdf67d60702822801c6e9219628eba8f4b5db702b917cf77a1f671d0ed02eef20867b5a7a90ef0a9bf1baad640456d10d
-
Filesize
342B
MD5537ac09d0b0eb6d95d05b5a26a69db1e
SHA192a10acdd5b4d250db8a2dc27fc281a694411a31
SHA256025c48183c29211a2e946a8353f2f6eb06901988f7a3a0d0416d15251b362a33
SHA512978bc875e888a3ff3cbb92e205d50e155811a0fbd9e685949835d9e7586f58852d3825cafe68c7583c510dffd5ba0305071e30299ec5818cea95baeff0833901
-
Filesize
342B
MD58357ed8810583854dd47112cd77e3df7
SHA1c7238fa650a40189642aef22791111871ec45a37
SHA25604f947536994bcdabea18b0a2311e82f7693771f39846a5cc91556d9becc9a50
SHA512fd7d3033c91754c6e1b58b0d3f5735ded06a3cacdb9da4c084a3142a1cbee3713a4fe31e2411ce3fbc9f911a3ea7a7f7923d5fbaaefe766bc216b3fc6fc1b88b
-
Filesize
342B
MD5ae252b565eef9cb1ebc1051db730e9e1
SHA1733cdd7e64c8622c6bd89e81a3c1e242b981a695
SHA2562203b34fe5e4831bddbd626ab19af8d604f04adc89634cc9a936829f6bcf6555
SHA512f02b90a92bae26cbe14d20b679efabd94b84846054bd61124c3f99612ec6ee7065f222a567c60cca388e7d040c4f9a6aeae01237818baa036ad476448b8940b4
-
Filesize
342B
MD5c4c00a6285060c6ef2541c98818789a4
SHA174858f7032432f0a6336394fd79a5149ccc1937a
SHA25672d244f8dfb88ead008320e3a809297d8ccef3055f4915535b6d8cc60736c47c
SHA51248043fd6cc6140c20ea219265e440b7ff16e3ed16f182e1b1abd184bdff6365771146bb44880d2fe07d1c4be18f31a3b12f86f29efe209ac05103530d97b3435
-
Filesize
342B
MD5fac2a65c5925fbfd0e2e59ac1ca27612
SHA16a34c72496b2a40048f1030b991e9542c03734d7
SHA25629407a3d6e1d63ada53854d2ee334a6c155b867a40bc1f6adefef1869b8e6f26
SHA512e4e46bca956a5fa3d7c72514f612d11c71da03acc5b353de9223485d094b11d0faa10004b2750e2e0984518962e8e35762eb1d774fe0786d66cc7947213b9286
-
Filesize
342B
MD59ac12b728eb251ccd893a29c2d187a72
SHA124a9af00b65f1c4ab6d55e6c1150df72f4b3020f
SHA2563158a665013c16051f09e8f6523745bf6adfa9ca7afb4df47cf26f5643c9017a
SHA512988f5833878c59a2be649f470358038f0223c76abdd0c2c0f98af3a86932c4aae68e484927688800044b46b2a4dc36240095567bfe777584f5fa9f63d597f404
-
Filesize
342B
MD53cc64968fa7858aab3646fb3ade25813
SHA1a65b11ddb86ed2efa49095dbbddca04ae91c2740
SHA2566404e9b7ef87c5e1475ede5f80076feae1709d450f586cb062930adc482ccf39
SHA512d9e75051ac0461526c0bf8dc1b7bd69d22b48ebe31f87c39a155cf2b182cd963b03b0dc7f51813b6fd40f9f2c66784ad073bf2058a01bfa51cec60b8f6588cab
-
Filesize
342B
MD5ced63f1f3ecbbfcdadd5d3344e109322
SHA1f530d742371d1d928cc192e94b06fa7a6b6015a2
SHA256bd671a5ab0073e87a6eeec16de1c9d11d902541b963f4546921d61549f9c0896
SHA51221ac361ceb536d09216d5ce005be1ee3bf1c0683758fccb5a6f59e1cb82abf49d1b16255367775fca6d13320eb3f3f4d90de3d71ad80a806f87cad6de9ea20c7
-
Filesize
342B
MD5bdb2bafebf304f5bfb08f06b637afc15
SHA1e49e0416970154729eef0bcb34ae87e4c959f8ee
SHA256bfbc46ebc665667008aa31c5bf2602ac353d9f01d22b87007e7f55327b792b8a
SHA5129d7b8a1c0f349d82af84825da1de2e8e7e8eb17a802a23a0e3c7586e3811b5072ca9ae5fc6067bdcde7f47a7dddd97ce168d8a846cd063fac0486f1ed59a5a14
-
Filesize
342B
MD542e082855f0fc1dc909aebb7eb36bab3
SHA136e0fcfdd73205858dd181bbd1494829f5817969
SHA2564237f9c729199821c3eca1bc13bb4b99b46d341a22f62db01e62d4f274430e16
SHA512efe64b85e06668d35a02b78578ea5599051c259c08196bb1625f27a33ac7d317d2c7e02b5aafeab593254d80db2f1b05cdc8c046514be316fa499f3a9f62bce7
-
Filesize
342B
MD59910878b7658b1cc4a33fcfec9553e27
SHA1a6d170b0ef67971fc59978e469cb3b9c7910660b
SHA2565e9095b22eea7d6b09f552cc3b59aef9d94f148030be3821f55955c218dfac77
SHA5129764f4c7c321963d7be896ca5748bf723024622d330782d47a1b6855df5c58de90d83672ded52b610aed6954e8143c81059661de6f868b5bd7ca43ca069c67d0
-
Filesize
342B
MD565542a924d419a14f039b67942d3ee8a
SHA1d59038227e371e0b0e1de7c90126532c821fd4a5
SHA25609ff95105132852dc3905e73f747200a45f88c7d335bc9578abf723479fcaef1
SHA51267c81a06d4974f105d67aa8aee88bdc805849b7ec6650a9493f5ee0687181e65fcaa3464e84df9bef23e854dedfda1ecfc2a0fe592b41700d2f7649c41603830
-
Filesize
342B
MD5c913891e3e1dad83bea8606e9b119946
SHA122dfdf46f23b37a2b40b0c03232696bd17a16809
SHA256199eba420a738bba07d90497b3f8c829efbf91072a89b8c4b822a0e71a70b08e
SHA512cf73c4ca515fd70d30e22c52dec57e73d94220d77e16746cfa33e8d788b8251544b468df2262eaefdeca33335087d774700525f53f52fb542b534855ec5951f2
-
Filesize
342B
MD54d2b68b83ff309478991c15b8821abdd
SHA1d39bc6b3b500b3bf0becce23f002de8e5cb1e742
SHA2560d04b3bab7b407b251d2f4114fe45dd949b76b90ea793a405d5278c456e61d75
SHA512a196179429bfa16ec268aadf6e39bbf63675f3ce54cbece12a4d647f1ba6c57f814f345118c8bc544c4d3a0ca936542261dee7a1c416be6285b19910fbb469e3
-
Filesize
342B
MD52c19a26832217d26c070291f80560328
SHA1fe096d5e8b2aef70c1411a4b776fbae7f953df3f
SHA2567b7c80d962c7c9656a95057f2d533b854a1782b4d173a8b189857b8997c002b8
SHA51269584569e8fbb7561abdfdc172a5ce6918a8430d9ee71f9f2bb29b85f3c75d90ce5899a4f9b79e73186441f3a6ae7eb0a213fdf02f6c55d4a30d7cf6627494d7
-
Filesize
342B
MD59d0f13f1789c670b82431a1276c3d674
SHA1f73479cbc41c844a4a5447154ff4a13fcdb45d10
SHA2569e3042e4ff4d8e71d5241431e86ce455930e3492e2c0b28c44096dcab1635be8
SHA512f874beb1ef13a1eb3b2d58a3190ac6c4debc0824737d8d135292331d520c9265dc39f6169d9f6bd59988bad68c57d76d3da78713f6b5de1ef40a23b57579dee2
-
Filesize
342B
MD570aada33200bfa2afb74c1b3bd013114
SHA1bd6f93961ee0b6157ac02a04f89c76269fb35bb5
SHA256c1ae7bd3ccace8b6927dd33af09ed9d6794b07d3562f3915137480ba3d9d1e71
SHA5124a0c842d7a0a07daebf311b8dac7f00997bdf87dfeeaec10f3b2492c693d891cc0129cfd0b0d54e20cfc775cab94d54c4832a548df0093f03707c84597f9a042
-
Filesize
342B
MD5427e0a48dbd44b547fd8abc262bf7f5c
SHA1417998e89bb53267bd509f14095101feadc63241
SHA2565bd11a9b524ff3e8674d1a7b4a37c94dbc734b99ef50fc34850040aec152e4e5
SHA5125a20ef7d23e27ecfe8ab67dfff2dc81bb62697c043444d58402ca4dfc8ed91cf6a061b3d64f7d46075046bbcd856d6e86d9eab2f8df2b8a6312b0d59b63c2f99
-
Filesize
342B
MD59db206b8baeadaa6d972ddbfa1f2730b
SHA1f63456e8f11d406cf7befedb635b43f546dbbee0
SHA256f406e6eafee0586d22544117435589359c0b353ae1e2928221a123b12fcee15b
SHA512ad7a3375996dc6a415db6765b0f741d1253a48ff6cde2ae2ba098888a69fa2b5bff8c1a7e6b82e0ee021cc86239b44069565133f43a0f34cf5d7b45ee886c32b
-
Filesize
342B
MD59158b5efc3576428c44cc5807c33605e
SHA1a3bceab401b848062169563cf579d91dcc19c347
SHA25634758f3356df5076fb254c9fb93f73254ecf6eeb8a732d2cdb085d283f3b0a8c
SHA512a56d093216025b0adccf2f70502108c7334d5c63e8e2851df56f3d9f62b060a648397b8c80ea9a98bd86d53df5613d4c391a045a3c16468bad6737bf90c11f0a
-
Filesize
342B
MD523ca490651a90ed1224c9bdb12e18939
SHA1fe19716378c88a32e4e8d7ae20b606dd941b2479
SHA256dee316e3ce863904bde82b00eb5d2fcfe7daaecf8e859cb8d465cc20eab3b8f0
SHA51263efb149222e4a091b2c3be2c1f22004937bdd58487686a0ee849476dc4d44d531e2ec1b29ff8ff237dff66a1fc26f9697490cacb01216bc324859800816966a
-
Filesize
3KB
MD5734ac6b2a6dcc6e059d5784e015a23f3
SHA1cbfa65e3e9dc81be3fcc3cff36722d33d9eaf1e6
SHA25622589278ea4940943b93fddc1780737f028c06245c05575de5c266940922dd5f
SHA512680e5464f0d6d8c9831090ba7c5b8b3cd6997e09c6fa4c7c2abf85a114d4a5e3f15901089dab5fc17a7ceafa1ba258e37f6911e07ea2d8b26edfb9b5fc9ce344
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
182KB
MD53d4b1366fd12a56f33bb50e8426112bb
SHA1b8ae8be571595eb052beba25f2c53f96506f1564
SHA256bc150d1c0f9964f7ba4bf8ab8efb8ebebdb7d8e1cb4aea96b43dc7ced54d1e9c
SHA5128fc7515b7d43c0d101898b8eba08c5fd67ffaee70435271025fc5f9acab2a1ccc1ab665dd07cfdd5cc7b7c89759fc3263c6070a38d49277cdc21b9b2f5269311
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
765B
MD512854b98b3bf370397d58db7eaa4f1ee
SHA1a6494f29ae88955b231cc21fc7141f3fc5ace1c4
SHA2561231b0e1e8eb1851e91029e83e3f430e4cfe2bc453923b5085f50b9adc69991d
SHA5128b8b6a8f1ffd9ba53c95defa32801e9be1b83d7137915d62b3757e7d07a3075d34209d020ffaef9429fd1787d457b20eed243ca759368c10c470a8fba5fc98b2
-
Filesize
709B
MD525eace7c6de9cc29fa721e0441163345
SHA14c7a62256a243bbdce84d772db8fdfeeb9a8c634
SHA256885dee8cbc0426cde24e8b7f80626a864016df65e7f6554695ef10de285da39e
SHA512f657a82ad033d4143f3ddb705a29b49deed96f1e85cc7fdee5af56c5a89544ccf8c2ff3ff2e1b928e7a5cd8823793dc9e79d0b98925d6ecbef182cb9a65e68e1
-
Filesize
2KB
MD5f540b6a5dddbd66a875a6ce38913937b
SHA18c3d03d8ace4c8eb4ec53166fc2defa24686f83e
SHA2564aa9ee6306902ff0f8cba2f210b1828d62e32e28a54014b106a9c940a2755914
SHA51206654380a36a6cb9fff56f8953ffc4a63e4a38ae59990ebfdefb5bd242bbef4da25a4725aa39b865dd5a6e3af098c3e4219262a0a8e151e0694fdbccbca00b3e
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB