Overview
overview
7Static
static
3XMouseButt....5.exe
windows11-21h2-x64
7$PLUGINSDI...md.dll
windows11-21h2-x64
3$PLUGINSDI...ns.dll
windows11-21h2-x64
3$PLUGINSDI...er.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3BugTrapU-x64.dll
windows11-21h2-x64
1XMouseButt...ol.exe
windows11-21h2-x64
1XMouseButtonHook.dll
windows11-21h2-x64
1uninstaller.exe
windows11-21h2-x64
7$PLUGINSDI...md.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3Resubmissions
06-01-2025 20:05
250106-ytzahswnax 706-01-2025 20:03
250106-ys6cfaykcj 706-01-2025 19:56
250106-ynwmfawle1 8Analysis
-
max time kernel
898s -
max time network
433s -
platform
windows11-21h2_x64 -
resource
win11-20241007-de -
resource tags
arch:x64arch:x86image:win11-20241007-delocale:de-deos:windows11-21h2-x64systemwindows -
submitted
06-01-2025 20:03
Static task
static1
Behavioral task
behavioral1
Sample
XMouseButtonControlSetup.2.20.5.exe
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral2
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral7
Sample
BugTrapU-x64.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral8
Sample
XMouseButtonControl.exe
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral9
Sample
XMouseButtonHook.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral10
Sample
uninstaller.exe
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/ExecCmd.dll
Resource
win11-20241007-de
windows11-21h2-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win11-20241007-de
windows11-21h2-x64
General
-
Target
BugTrapU-x64.dll
-
Size
364KB
-
MD5
80d5f32b3fc515402b9e1fe958dedf81
-
SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0
-
SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a
-
SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0
-
SSDEEP
6144:tv+VkJpn803Q9eg3rX9FudjTLNjGGtOCiKTBObg:tvfJp8aQ9eg3rX9Fudjx5Tk
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\6 rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\5 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\4 rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\7 rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString rundll32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\3 rundll32.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 244 rundll32.exe 244 rundll32.exe -
Suspicious use of AdjustPrivilegeToken 21 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 244 rundll32.exe Token: SeSecurityPrivilege 244 rundll32.exe Token: SeTakeOwnershipPrivilege 244 rundll32.exe Token: SeLoadDriverPrivilege 244 rundll32.exe Token: SeSystemProfilePrivilege 244 rundll32.exe Token: SeSystemtimePrivilege 244 rundll32.exe Token: SeProfSingleProcessPrivilege 244 rundll32.exe Token: SeIncBasePriorityPrivilege 244 rundll32.exe Token: SeCreatePagefilePrivilege 244 rundll32.exe Token: SeBackupPrivilege 244 rundll32.exe Token: SeRestorePrivilege 244 rundll32.exe Token: SeShutdownPrivilege 244 rundll32.exe Token: SeDebugPrivilege 244 rundll32.exe Token: SeSystemEnvironmentPrivilege 244 rundll32.exe Token: SeRemoteShutdownPrivilege 244 rundll32.exe Token: SeUndockPrivilege 244 rundll32.exe Token: SeManageVolumePrivilege 244 rundll32.exe Token: 33 244 rundll32.exe Token: 34 244 rundll32.exe Token: 35 244 rundll32.exe Token: 36 244 rundll32.exe