Analysis
-
max time kernel
113s -
max time network
85s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07-12-2024 19:55
General
-
Target
XMouse_Button_Control_V2.20.5.exe
-
Size
2.9MB
-
MD5
2e9725bc1d71ad1b8006dfc5a2510f88
-
SHA1
6e1f7d12881696944bf5e030a7d131b969de0c6c
-
SHA256
2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
-
SHA512
62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
-
SSDEEP
49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 9 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
NSIS installer 2 IoCs
-
Modifies Control Panel 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 33 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe"C:\Users\Admin\AppData\Local\Temp\XMouse_Button_Control_V2.20.5.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Modifies registry class
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x641⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.0MB
MD5d62a4279ebba19c9bf0037d4f7cbf0bc
SHA15257d9505cca6b75fe55dfdaf2ea83a7d2d28170
SHA256c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0
SHA5126895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5751b2e7ee78b6feb7da6e0d4a152c362
SHA106a7c80ad15ee959892c04dfcbffcd17e052667a
SHA256d6df2d3f1ebc7cb3ff7950902619654bf85affd9950bc54ab5df475314e682a2
SHA512949fb97f9bc6ddda2d07be4b317dd607ae66d10d67f21f995684d400426cef78adf694aef3aa5bd0aa8f11938a5844e9b1ff5f72d0eb797e18a4493eefd3e300
-
Filesize
342B
MD5772aa88c6e44fa201846ea6ded3cd4df
SHA100a195735ba9ea745377de4a67115fbb136d4bc0
SHA256a4b900e02d537ebb22e18da7286361022c07c63cf4c3e3c41cb7a2462114cbad
SHA512052cceefcc7f2a1352e4b89a9f9cde32140f14081e2abaebe1f6d308302122771afe3393cfbcf3da65f41bcfea7c948b0ae53cbec6052563437d09434d738291
-
Filesize
342B
MD57726bb82ea926f31b31e460835c27441
SHA1c5883ec8caa804bdfaee766eefb933f0d8bf7b0b
SHA256611bb0b2ce49f3b77fc7efc779e8bd383467c634f238cf6fab8358a865a1f1be
SHA51208d6112738fd8cd27d5da4651e5b5a3d6bea5b797276c1843a134fea0e88e3c2a3cea52c48eba51e1d3953fec910fc7465a42199673df2c58d45dfe0380c7dd9
-
Filesize
342B
MD50641f2f146ceaee013e62318a2f78bed
SHA1a623e3fd25b8c18b90187dff48545870a15386f6
SHA2565c1826f29b9ee7e9e5a28eddbc7c9ad7eb58fcbb12568f18d555ab2dd60a4dfc
SHA51272a6771f41925f9392e0d67232a79173942b0ecb43358bf38464c213f7aaa399c86ed12fd0f4c5786bcea60d0cb92d6d41aa9d115efd562e625cce3101fdc3f2
-
Filesize
342B
MD5dba3f3ef74942bdb40b7008dca36eeaf
SHA136abb3af3d5f214917228d809c8c2e6b7b09eb22
SHA2563ddda34b4a3b3c6833096ae85fa1b13f55b16de1f737a3959df1113112c3308a
SHA512a5f6bf36d94ce6374dac47802e063fde47c424d73d8c5eb4e963236902e053d9d213f8d5f4be8d1c28f30bf86af7a4ae8ff337455258c64c3fb4164f3c5c6cf5
-
Filesize
342B
MD59d25edd5fceb37f71691fcceb12d3ba4
SHA10be400e439c3716a4eea3f5e3fdd581f07b23ff9
SHA256694b90d3a8d6afc61567583ac4da1c504167a23312fcdef15d7395ca3502c6e3
SHA5129e8eba6337db45999138384b4a354779e722de1766479ed4177c0992704b8e745d2162df9d70cdd3d34d16b23d2091ffaff2ec41ba5032daaf70754f73a314e2
-
Filesize
342B
MD5a1f05f6bc24de62a7dfd340902c902ac
SHA1722473e7468c98238e289c68848abab174c396ea
SHA256dc36ebf2d4c0400ff81723be227a9c289f79551c98469a603ec070e9383458fe
SHA5127ddc9a331eaf927a9e85e7261ddfcb1e3a86ce5ddc5cd7c446941c8d99ca7655e13cb0fecbc0e4fe648191f88ba89aa9fbbfe9a71546a8b79159f694af3a5466
-
Filesize
342B
MD55e1018f42bfadec2a86bf06322edc238
SHA1b43d564f82dbd80e71fddb03fd1100e56fd5e127
SHA256cfa5a81db2dfe83d29f447d1c4822842ffc6bd735d8ea67e70203caf190145fc
SHA51231be69264840c103774f19d8fe54ab7994989cefac1f7fc4aeff0bfdf714985aa1341e57d1cbf187f948d871128f259b4910bcb382c74b16e7eacf66a3db9228
-
Filesize
342B
MD59bc25d71be09dcef250b6fc48d582c72
SHA179e366ecf7d52c1f743995487622f45ca9dcd464
SHA256fd1976a63b0e02ab800dd52fcfd2e279b05dbf1cd8e2e3316a5537c76528ca69
SHA51248626532c5423257b197b50aced0f877b967d6d65eb0f34cf2fd65d6ea2fe351c85942afe8a0ea95aeee49fc891c175ab90f7ff238d9bab6715b10059b793c73
-
Filesize
342B
MD5c49e29c98ed9444d2d47494d45804997
SHA1c68741014b6ec3a2b36abf2e23ac75cc644ff811
SHA256a39c0e48f125c84c4050b02700270d0942e10522e81e47e90ef7b2fbb85d30b6
SHA512256aead3828eaa4821886e6ec3a96bb30c0e41692152da9013007fc0ca091b0f68bb74761576b5c9da302409b22acf00d669f4948ac9be3a9c7edbfe4d3eb2a0
-
Filesize
342B
MD5756c203fb97cdb40b49cced7d74c13c6
SHA17f0a6f4f8b3f07e872f13ed99ef070dd56fb5b90
SHA2569f71d792cc6e7ae15f12cfd6708f4df05e6c9842f394d4b1244b77856a7ed84e
SHA512ddf9e9af7e8df9a15ed1a8567b25448236b3f03157d143109bb5a524669bb9aee88dd3019f877f7f9271f6dfa4c1e61bc2ef6803c20afbef7f90ef2515954929
-
Filesize
342B
MD54163c77c9fc5df9574c505772fc21913
SHA1e4c26b4a660313b51fdc7e30c34df9cac8c73f4f
SHA256a20082c3756f92a9faf9a1958cdccaee5306367277728a8fbf89a8f392b41666
SHA512a8d94385944ad2419f5274048877801a3424d75cd417801427e4e9a94d29b37b6c76dc0cb2461c572121a8eddb5f2d6ab000689147f7872a34f0314962400bc9
-
Filesize
342B
MD559ae61caedfa1783060e935351f5cb31
SHA19a81e5d52dc47a0c619ddc3dcb9ca3a2556db93e
SHA256a2c0e8e85eb70bbc3132d3044675bfc850f4492c0578f0e43c62d1e20dbea697
SHA5126d3c89e1cf4b9dd119de852f5e045b21ff8be517b16bd46f9fe635c707442faf6035f01535fcc79b818063b12069a94edac25fdfbfc4cfadd507a4beaa91fc37
-
Filesize
342B
MD5b1e2f72d01507d7d3e5163c4d4d9a696
SHA1a85348a050bb8e871df5bef6613516fc6aea06f2
SHA25667de164a9d61f8687e806ff62a9d4b43a68114b834c90e3b04994899e1a60de3
SHA5125c69493b8b54c4f7a51f561fd71d138422421fb32d9b256cba537f1d52fb2aa4ce7c6b788c5e73637c42b98d45c52a0e981fa201c85c882c9ad846b2937e7c3d
-
Filesize
342B
MD55234929ad4e73de48f7b6ec4e12e28be
SHA1f871c89e419dffbfb50fc91c6287a6613b590809
SHA256e8ea0c82b17e8f3427806e1a93770f842223c3d34648a85674d0bd462612ff3f
SHA512d09a5f689839d5a088d1b33ac333fb86cc822dbf8a7d14a17fb4764a9c24916fb3353d4a4d7bf6d81f90fbd4b886a9688a96b5860a8f8e953bbf8f72a5b5cefa
-
Filesize
342B
MD58d239a97e13de3f0573fe6fd8c428ee9
SHA16e7309e032d403661e17116a0cfc17b636724046
SHA2562a53a63c48f59cf7811e1e0e487d6ac03c34de4d67ec6b5a5e547e994d10b908
SHA512095c8aedec44ce0baeaab0ba8403c56539af2ae432ad2e76219e5270c66887b129dc30ca894b6c1d2484195cc17f50f5ac94055fe8b8c0f2c3b5789084dd38bf
-
Filesize
342B
MD58abb24a0a76d5a41d172fca32c1e875f
SHA18a9935abd79104ec08cbd4af2a56077bd259b6e9
SHA256ceb62e8c70809586b2df463fba8b2943221d49af2acde93db2c1fbbe4af14fe8
SHA512e2d1f0603c7a7b6670ecb474c64ec838df57d820b41f6862353a463f174f13d138be8cb045cca8421649668f738e4959bed3b8f8f93c1b76d53e1e319a3ec2c0
-
Filesize
242B
MD542e159145bcf5db20b2b83284ea4901b
SHA190d840489f931357a1b4ca0b0a455db7c95ee8bb
SHA25664ab5e193e7a422b0d9c4e149d30ab73eb9b9e26a582035a505b913f663ce66a
SHA512ef01bfcc42af00e08c7898a97531726ee1a0c39c6b85298f899ad2f59fd7cbbdcddda81ec0f791ccf54f4b48cb7ecedbae6d2607e127950001d32c8ccc2a7202
-
Filesize
3KB
MD50e26e536c9dad322d4063060dbd9f835
SHA1aeb5c2ae185e91e37c927a70f4dfb1c4a1b520fe
SHA2562e1ef7ec07d5b3abfa051c610472c41bf63d7dd7e3362b1261bf410561687333
SHA512e09fbe4def672967d027e1288cf491467bc84f4e9100b4b3ad4eda3e16c5376e91c0b8195c1d58ca7c9975d0c6b6ca9684436eab8a17f17aafe59a6a29f117ab
-
Filesize
186KB
MD529b2a0f535009d17955b16b7a459f521
SHA1c8d30223702d744d2aebbd423cbdac8617cd52ed
SHA256636c70a1d4d8fb72d56b42929abff7d710abfffe1c10cf593ad2c34c486b0473
SHA512a66d45bd995f50f04b30175c24b4eb1fdfd552cecd38075f74b84b1d5403960744ad6cfb90954ed4d7a7f98b7668643b807d87d1cc1ee1e010e0498ae88b33d6
-
Filesize
3KB
MD51279bf31d9659ad2017369ec1b90473c
SHA10f21c5a8266c36af7909118899e1fa07590f2df8
SHA25674e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116
SHA51218ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
696B
MD5e7a0e25234505a9d5c0fc8472240a05a
SHA14e734a58aec76c757e0818f288c0880d867cdc26
SHA2560bc25e8161bf5eddde31660a2c53c29d1e63f3842dddb6bea5cb8f17431400f7
SHA512f8240f16384ab73676c8bec79f0d405af6831c1067abeb9620e93477a2b15e419c7fe597f8b1772b122752580091f5006abd9e7e5ad224e600e4ec5a18024a59
-
Filesize
726B
MD5ba4f5ee08ad6ac2c36a9eb5164cb345a
SHA11b371a5ef7965cd1d267ac41936f0e04e461e8ac
SHA256a112d7f3bc6b307054702931b5eb8626e31e93894daf1f45aaf07cc2bd87cdd2
SHA5121cddc5241909b9bf5066cafcdbc3a9a5c5eac95b5fc832e2410b5dda0d0434e8d4c43b2658e19e6fbeeead13e8b1a4215b82a7c4641fc9e19d0c8eca15b8b2af
-
Filesize
709B
MD58fc6fd51db3b5153fa49eac66d2b3eb6
SHA1f4a14dd232d3d468826cfe99cf588409097d439b
SHA256c6c34e9e591896ae80c62fac1630ecf080bcc54afa574c881b1f419be033ee78
SHA51270d55bccfcb81f9c17105f67a1f13b73f3aba76e3c70c2873ab8c91df7e7d9bbc64546be32c0b9afbd0405de23ba7d7efe2eb3c68ca24f165fb37285806375df
-
Filesize
739B
MD5a60737f2c92a85de0b8cd72b8603cd44
SHA1c4ab8d6de67e89e7d16852063dc3e4bc11eb7470
SHA2560fc080ce0e02b882249d5ea92c0b45d34ad7e359adf9424371e0637ff0b62448
SHA5122990af716a526956436d2065097ecbf633eab0a17816c0f0a0a9189c4536d4b7d5a6115cf37b97cc529d820012f59a82aa1b68bf05c0f01050067444c8bddf96
-
Filesize
364KB
MD580d5f32b3fc515402b9e1fe958dedf81
SHA1a80ffd7907e0de2ee4e13c592b888fe00551b7e0
SHA2560ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
SHA5121589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
Filesize
1.7MB
MD5bb632bc4c4414303c783a0153f6609f7
SHA1eb16bf0d8ce0af4d72dff415741fd0d7aac3020e
SHA2567cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8
SHA51215b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5
-
Filesize
74KB
MD5bfffc38fff05079b15a5317e279dc7a9
SHA10c18db954f11646d65d0300e58fefcd9ff7634de
SHA256c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500
SHA512d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6
-
Filesize
14KB
MD5d753362649aecd60ff434adf171a4e7f
SHA13b752ad064e06e21822c8958ae22e9a6bb8cf3d0
SHA2568f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
SHA51241bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
-
Filesize
7KB
MD586a81b9ab7de83aa01024593a03d1872
SHA18fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be
SHA25627d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115
SHA512cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac
-
Filesize
10KB
MD556a321bd011112ec5d8a32b2f6fd3231
SHA1df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA5125354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
-
Filesize
9KB
MD5f832e4279c8ff9029b94027803e10e1b
SHA1134ff09f9c70999da35e73f57b70522dc817e681
SHA2564cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061
SHA512bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d
-
Filesize
8KB