fa33a79cef198b9720dcd8c28a345e5532a6bc8c9b79db6640a2a5f6ad56ef82

Analysis

max time kernel
75s
max time network
82s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bindu Software/Colorlab/5100 Software Manual.pdf
Size

3.5MB
MD5

af41f4a3992eb0a1bb9ff1a0cef881f1
SHA1

76ca1ae7aaf86a1b93ea939e38dc84c5f815e30a
SHA256

b15e22479e08d6c97832b8c9a9034deb2c7b73830f6cf5ebbd82435d856ddf0e
SHA512

f06868c6451314f0cd5ef1d0150a754477a74fc0b04c1efe29cf5ef8e616bc0ac51edc0cc4ef15420d9f452b30aeaab334d03ca925650a24c6a6a9b896f06c5c
SSDEEP

49152:NE0/yMHEtt7qy5TYXmxqZRbcsDvhfuc0nMHWbkyhONNCcY6A3eHZ/:NE0aVt2yVCKI1unnCHJNAtKZ/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4336	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4336	AcroRd32.exe
4336	AcroRd32.exe
4336	AcroRd32.exe
4336	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 4612	4336	AcroRd32.exe	74
PID 4336 wrote to memory of 4612	4336	AcroRd32.exe	74
PID 4336 wrote to memory of 4612	4336	AcroRd32.exe	74
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 2316	4612	RdrCEF.exe	75
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76
PID 4612 wrote to memory of 1648	4612	RdrCEF.exe	76

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Bindu Software\Colorlab\5100 Software Manual.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4612
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=01807466821B272919B0864FA9E7FDFF --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2316
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=30B09588F2AD95784BD836B663CFF643 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=30B09588F2AD95784BD836B663CFF643 --renderer-client-id=2 --mojo-platform-channel-handle=1648 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=74450D944A3BF6EE5975D57D961EC830 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=74450D944A3BF6EE5975D57D961EC830 --renderer-client-id=4 --mojo-platform-channel-handle=2228 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5012
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=60209877A1FAD3F1CEE72AC18144D361 --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=05FCA26BB33A3B205088A6297B52ED24 --mojo-platform-channel-handle=1708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4172
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B458A6AB4FF1D5B22C39E8DC5D06FF96 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
bdab9559bbfd99acc70189c0e0547e9d

SHA1
cc80c2d82cb66aa1121cb1af31e283813e2ac4d4

SHA256
12816ed996520f190e2b5d77035d7a3b9ea83d861c5a5f4cf7b453a7c59361ed

SHA512
3390c51ddee7aa7b69da0624e3410fc2eeb13fa1a094ee43826c2b2428c4189dcc3aadaa4adffd10ddd0ac650f61fd023492d2dd283ecf38bbc540127e52ca67

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ecd7256fba4b6fe82a4ce96111008ec6

SHA1
94b358b0017b7ca4dde793330dc24c55f6df1a8b

SHA256
2df8bbc20e37eaada85300c01b5d1576a4ec59b5e37b2d8d7d66512af7fa97e0

SHA512
694dc0d0aa4b7d03fd1c571940f7287eb4c2377d31e04dd84d27fb6af96b76d775521d059ffb8935153688d10fc7ef6a35faed6bfef560fe2ef71e3daffd621c

Download Submit