Analysis
-
max time kernel
90s -
max time network
94s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-10-2024 06:41
General
-
Target
XMouseButtonControlSetup.2.20.5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 9 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 30 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
342B
MD5c1e2cb800c3db69e9a5df0a7467e1607
SHA15023448bf0e156871eefa31cbe1703f58b1c0827
SHA256b131989de0b28525b0056400dcf469f65a67c3f2b2c1b11df1e50bf0ee1f2bf5
SHA5122193508d88ee647fe99d58cfde7c9a5a497262e3323685b5c5be1b2ae112e70597e448e2eb5db76fcaddf569d9ade9e47c36031cb689a6aca4d22ba019b3729e
-
Filesize
342B
MD5408d0453a3dba49bfa5f6d4365dadd17
SHA1ba5e4f936ebc752e8cbeb63f2ab7db3f98369737
SHA256a0755ee0eb59d61d353fe37d62b6c6785089363837ca6fa839d8edfc20901bfe
SHA512d67a17ad9bf42d5989b5d0d0f4c95ed4c570f417e18adefb30e2f467b528a4cefd8dd7b847c5b1744c0cf142ee9fc950dbb9faa7da09b491760d3fab32f8762f
-
Filesize
342B
MD5482070dc7d91b023a8d009abed9297f6
SHA14347d12d281fcbeeaa5c9f1e9e77308f33bbe170
SHA256f6a2fc84fcc61ecb57bcb83f00ab327d867b9105b61a4cf1ee76300218098f44
SHA5129afcd435e58265c739898f09fdc62552510e432ce4b9d52457931ebfb4b35b16f6aeec51e3a1fdba841bc7b5215ac1728e29f894a69ebeaac52c4d4b1878e85d
-
Filesize
342B
MD5fc68bc30990cf27f24b9061f2cf24a08
SHA1a2977eac85b8eadd00acc3d6346a741dcff4be63
SHA256b8b33e877d0d9c2039af291016cb3439f87cfff776b67e23f3ff57c607a15467
SHA5127168e717baf97ecf1e55c391172bb6d86a92848b6e761c205b649ab31cbbdb96fb1c8072b6caf67b834d71669ae539d34185a789ef5a53741ea588f061138738
-
Filesize
342B
MD54d0fb51b9df3dd72da83cc9ed4f04d99
SHA1c3a0bd4cb1b30cf99d511757ecab8cba67cbaaaf
SHA25650db703d7b4248e7915a354c7ee08eb0f09028fb5df467522099d47bcacc290e
SHA512993970654159307abc59e65224b4f222c5032aac3d385648264f48c956caec5b04e1c86c7b670742262229bb86e916931cec92405d3755fbcc6a05ead74418aa
-
Filesize
342B
MD56f54b3435e8b2b42d05d1865ca9f12d1
SHA1514ab88a45bf060ef83b71128abbd95251066638
SHA256394ff59393551983ef3ba43710b48a59b416d756ce666f24c8d74be77edcc5f2
SHA5127fbe26c26e94774be09aa2599a4b19bc5565bf2729d400e0fc66e25bf7886da209f89aa170cc391cdc14f18f7c8efd57c78c6d4db4a38e12a2dce40ef81f9d04
-
Filesize
342B
MD5384396adcf4a3c264f0a74c321d1f73c
SHA1389f55229191e3190b9ad8e982cf752f5de298dc
SHA256b9ee970836e480633b7f26bbeb52e84d87145390cfaa6d62a8aded80cdf4d061
SHA51245f9375773b7c4529f9f12b943995415179c186855ff4fd993c415852c010340a31558284b7ba606b2a376b11f05f8860f6cf643e5d1800ecdf2bccf3ed181b5
-
Filesize
342B
MD5621c3481465136d51f15289933d40dae
SHA1726b0f061dd0d3052b112f20d6961c512ccac38f
SHA256ef4546015aa7663cb34b1cdaf8367197810a0344005a8f23516801b0d14adf37
SHA512ba3cf1c91bb2aad4e98f635eb9085f42a27d163dc37df9fdc87170aee8fa86de7dbc58d814d5c07fa420bc258b4255f7463fa75de74d7a4e4d7c94861fbad691
-
Filesize
342B
MD54806597cc0dd3b30ef0685768cb3f465
SHA14c9f220eaa124577e022c97ee8a0c9bd042b69c3
SHA256f4334689e4acf2651ae57c61e6a8d7a1c3f92fbd7e7a884b79a585b674179add
SHA5122b83b5058ebc482337ef2ed682334be2297b3a7e0792084ed0795e76574f3a2c7c3aa0c8d6fae6bde1be293fd5f64cbc2bddd2e5d61418aeb13a4e1f8de96003
-
Filesize
342B
MD560b31bac88353596be15682d1b25feb0
SHA17c36f9bdee339089c3afbf846d67cebc5ec0c852
SHA2569c52921110e8d01c767bb2c461d5e131c343d71497ee7c5bb2aa563690c68512
SHA512c9aca273b45b7ce8e282e07fdbb322dcd1723fca663de4d265c6de66840bebd2a0645516577582823603a9e2f19d573f64edd00b7f77bb4589cbf964f737499f
-
Filesize
342B
MD5adcc620c3a62724370d96a8a059132bc
SHA1cee4347b8452c2b64b1814049613d77688ca3d59
SHA2560d6f99856814b83e176998a5b646c1757caf23474f8ad5cb472a75de88b5ada6
SHA5122cc9b90198d901d8c443594a75810e4101fa4cd990059827e282c020694618d4ba2250dd76e34b24290006a2ee1b54bb34f2a2dde294b27dc8d2c3b606754b36
-
Filesize
342B
MD54cc4dfebe44272870568865f5aa5411d
SHA1bfa13c638fd6385687e14f13dba55d036a58b200
SHA2563156f298c9575323c0a7155ad226d8b946a1a1ab9c21c7a4f7199ee7d488bc31
SHA51234630871ea1d6df0c895c669e798253af6867be3a1d6ec162c1e11cca05a0caa7f8b5ca71714d694a308f6a61663e3cc31c292a382692ccbb1a72b1a2f92fde9
-
Filesize
342B
MD51010f34aee069df1f0c0ca31389e9a2d
SHA1da56ac920e2e4403409eb843aa201e449bb1d0a7
SHA256e8584f98fbc4e130f74f2a8c78846237f0b1f8dfab09cb727e52f9e8bdcaf78c
SHA512eba0469360b2c10f3ef95556e776ad2f36e7178e76bccafcf74405be6ca213516e977258ecf6a4c08c4b61313d3d55db48a4d7effec1760e6befeefd0d3340d1
-
Filesize
342B
MD5c9f47894bfcf52e10f43956025499dc2
SHA17e7348c8be987af0880b55079e3b28ca39f02c45
SHA256f42aecfa81b0331072f7f2f85904cfee3ab729a5d6cdacc4989ec9492345b2c4
SHA512c077686f485d5d2118dad793168ab84b0608d2e46ed490cb163ceb195dac4acbe355b7e870e100278579b6275b5d7cb9102ae24828db585cd15a10cc352c773c
-
Filesize
3KB
MD535e8abae341d5d324ce328fd2f333a83
SHA1088b25ced8159cdf593cb2bb7d690807f094e72b
SHA2568b4bc300a0a5275525d0d72170a720f576f1030f074832e7e780b20311743011
SHA5125e5c580df2808f5d495e1c4163b3c8a22ab2e74255cc55836c4e9cdabca22e1301c569b8d175a1101c0c738e071fd167eed6d666fb4aa56a08a5ab59613280c8
-
Filesize
185KB
MD5998bc9879f000a8bef1e24b4430a3a51
SHA1d2667644f3caded7d32f9dbbb68c29489a069033
SHA2560039df5e79e5743f132c2903566fabbb485178f0fc6fa488518b045f761a0fda
SHA5128e70bc5196d25263879683770d92c43a0751d440a55b2d9dc8aed30b771bba654b96f3892a29d55d46192bb9ea60a34e51ca2c207484b73ed9485a7396231339
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
696B
MD52dde63818024c58cc1f94d09bda05b4d
SHA161451c8b94b9408a794f0f763dadefda5f5c28b5
SHA256561a9ee4f5680ec1ed99393b04f9930a9321ac3402a5d4a519b51c5930609e52
SHA51273a48468a9ac13c42210d962967aef2b84978f9e90bf5b229b4e93a5ade405e460745682d18bd3a659b94f116da43b954725474868c32aed1a39dd5a5307d06a
-
Filesize
726B
MD55cd9e316ffe0757765ebf9ece361db72
SHA11c19792ffdc0f3ee2e40c605a5e6ce8cb61e2e0b
SHA2560e2d790695e18480deb64b0522945687238b78f45af280e8b0fba53ac96e605f
SHA5128422b599c6ed8b42b10187e206cfc5bed588cbfec1ab343334256288ea33a7ed45f191f8c2d46d967d91d0d3cd7fc35fbca852f7cee56b9ad5717971148e21df
-
Filesize
709B
MD57e9548dee89832c979fb6a3c8455319d
SHA19c3c43ae4df4b1eb417ab09cbeb3318f2aa5838e
SHA256b404c64a99467e4a97ecbe0b739eea43d5ba486e2983d685952ca7aa028c946b
SHA512c3dc93ec4aebcf53a82979d001d58dc4eee814ccff1a17eef1b69748681445fb87a13aafcaf2528c8801648282580ddf44b7e2273446d6c1d7cf7b44a49a52af
-
Filesize
739B
MD54885efc1cc4e259cd6df98df670e007a
SHA1a618cff81ff8ca8935fa317c7e61cc3f2fc4d393
SHA256286d04ea1a77c299d6cbd10dbbf997bca7037b9032a2986898a7c94d76d3a0d0
SHA512364988dfdce79d325f442511840cd5d4ec5b7a5949ede61dc24038e244c7d02637040033d82e178f53a77307b306454a6968a0ad7d8ae1707aea44f7049eedab
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB