Overview

overview

7

Static

static

1

ReMouseSta...up.exe

windows7-x64

7

ReMouseSta...up.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 19:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ReMouseStandard-Setup.exe

  • Size

    5.4MB

  • MD5

    af5e828d540131192c4467424306a35e

  • SHA1

    76e1bb985e723a68aa89a4befbc6bd4f13e0b6ee

  • SHA256

    5e0ccd493f01f7cde38bd8b42ad3ab0fadd00b1970f9f1b7e8204dfdc000436f

  • SHA512

    9b087d75b79f0841bee65b635f52452d2a805a438e7ed0f1947e49cace78b122620f95eb9ded67992425143591aed14d5175025c5f34c695c4fe1857808fd289

  • SSDEEP

    98304:w59KDJowUykzN5k2IQfo+KIa86OXh7xz0TV60hgNnqmWUp5FTurs57UxGQEdCddm:fFowjgN5bLKIaC7xg5j+hd7FTuIp9ktm

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ReMouseStandard-Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\ReMouseStandard-Setup.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4592
    • C:\Users\Admin\AppData\Local\Temp\is-U4MOU.tmp\ReMouseStandard-Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-U4MOU.tmp\ReMouseStandard-Setup.tmp" /SL5="$6023E,5359530,57856,C:\Users\Admin\AppData\Local\Temp\ReMouseStandard-Setup.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:624
      • C:\Users\Admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouse.exe
        "C:\Users\Admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouse.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3888
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-U4MOU.tmp\ReMouseStandard-Setup.tmp
    Filesize

    697KB

    MD5

    832dab307e54aa08f4b6cdd9b9720361

    SHA1

    ebd007fb7482040ecf34339e4bf917209c1018df

    SHA256

    cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3

    SHA512

    358d43522fd460eb1511708e4df22ea454a95e5bc3c4841931027b5fa3fb1dda05d496d8ad0a8b9279b99e6be74220fe243db8f08ef49845e9fb35c350ef4b49

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\ReMouse.exe
    Filesize

    1.3MB

    MD5

    f3b864b4fc3e090e8ad3ead18a2c20f3

    SHA1

    a3f627b76d6f5cbf6d3b4d559a9aea89241f6130

    SHA256

    b5dfb4e59f1764bad01615d94ace06b7c45d4d51d36bbc0f9cbafc2762e47906

    SHA512

    629ce00bdca3975b9f396915106397ca58a3117e566af902c1aaa4ab7f6f19f66cdd513879ac3543dfa589b3060d8a8b96bdb20e8a0c1049d1abb1f6e1ab1960

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\conf\ext\app_ico.ico
    Filesize

    112KB

    MD5

    61a64215a9f924a636c6518e04514391

    SHA1

    40448fdbb261e29db28cc3a4732f88e8802a72cc

    SHA256

    43cb0559c6f67133c9f43ffbfc9e0ec20bd2ee16fc6a4cc21be26cbc15c6dd20

    SHA512

    fe1224aedffa7907e6c9c903bee74d194cf04bce2f61f630c174c80aa626474c9c90bd564fdc2814ffa1b46e463c8e564b1081b3ff2b13d740c0b46e1d19c56b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\conf\ext\icons.dll
    Filesize

    169KB

    MD5

    32ee6173f137080755bb5127e39ace9e

    SHA1

    e9c2bc7f5388ce262e2e2ada5637cc2884b7bcbc

    SHA256

    fe1ea3f712f6883025ecd8cd9553ff0e26189110bdc059a304305b14278d1726

    SHA512

    191201f067ecb39f8d0e9aa0c4e8a312b660039132d7354448794498cea405ee4f2e691398443717fb35ca32aa88ea628c583a10cb55e698b2bf0097995265e8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\conf\ext\mskbcodes.ini
    Filesize

    2KB

    MD5

    137eb2bae98810f3c549813e3832b3e4

    SHA1

    556f2983410fc22502c29e612003013051766486

    SHA256

    629fbdca845cb530c5335675f85ce6b517d4c2b961874e317b869ae4c706699b

    SHA512

    80539c43730d56c02df9a8fd229395e648b9f35faf24c9044b801884d9b29a7fa0df0b8a66851fb4cc8319eaf70c726ebef7f4ca4ac8b318cf1dc5cfaa502344

    Download Submit

  • C:\Users\Admin\AppData\Roaming\AutomaticSolution Software\ReMouse Standard\conf\rms_conf.ini
    Filesize

    435B

    MD5

    f9107282ad3e82b1160e1ace323f358e

    SHA1

    b0a5ee7380d7d70b4ca307313d1b093b858312fd

    SHA256

    649ccfa8a0d93c02fd5d6b1cf2db4a0fa4b828810540823a68f6a7c6dd286ac4

    SHA512

    3a068f39cd42f1049e9b19cada95124d7d936f90068ddafc1999fd6c5c40ba25fe458fcf19eafe0cd6d601d973b76a0a82e0a97d8ae525c0accab0581f456e23

    Download Submit

  • memory/624-77-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/624-6-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/624-15-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/624-11-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/624-9-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/624-13-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2516-88-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-90-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-87-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-89-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-81-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-83-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-82-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-93-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-92-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-91-0x00000153C5BD0000-0x00000153C5BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4592-8-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4592-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4592-78-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4592-2-0x0000000000401000-0x000000000040C000-memory.dmp

    Filesize

    44KB

    Download