Overview
overview
7Static
static
3Bindu Soft...al.pdf
windows10-1703-x64
1Bindu Soft...32.dll
windows10-1703-x64
1Bindu Soft...50.dll
windows10-1703-x64
1Bindu Soft...b1.exe
windows10-1703-x64
1Bindu Soft...or.dll
windows10-1703-x64
1Bindu Soft...32.dll
windows10-1703-x64
1Bindu Soft...re.exe
windows10-1703-x64
1Bindu Soft...nS.exe
windows10-1703-x64
1Bindu Soft...ro.exe
windows10-1703-x64
1Bindu Soft...OM.dll
windows10-1703-x64
1Bindu Soft...32.dll
windows10-1703-x64
1Bindu Soft...er.dll
windows10-1703-x64
1Bindu Soft...32.dll
windows10-1703-x64
1Bindu Soft...ms.dll
windows10-1703-x64
1Bindu Soft...60.dll
windows10-1703-x64
1Bindu Soft...nt.dll
windows10-1703-x64
1Bindu Soft...ev.dll
windows10-1703-x64
1Bindu Soft...ws.dll
windows10-1703-x64
1Bindu Soft...32.dll
windows10-1703-x64
3Bindu Soft...ws.dll
windows10-1703-x64
1Bindu Soft...l2.dll
windows10-1703-x64
1Bindu Soft...er.dll
windows10-1703-x64
1Bindu Soft...ll.dll
windows10-1703-x64
1Bindu Soft...32.exe
windows10-1703-x64
1Bindu Soft...m2.dll
windows10-1703-x64
1Bindu Soft...ty.dll
windows10-1703-x64
1Bindu Soft...00.dll
windows10-1703-x64
1Bindu Soft...Me.pdf
windows10-1703-x64
1Bindu Soft...80.exe
windows10-1703-x64
7Bindu Soft...15.exe
windows10-1703-x64
6Bindu Soft...53.exe
windows10-1703-x64
6Bindu Soft...up.exe
windows10-1703-x64
7Analysis
-
max time kernel
311s -
max time network
1607s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
16/05/2024, 09:59
Behavioral task
behavioral1
Sample
Bindu Software/Colorlab/5100 Software Manual.pdf
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
Bindu Software/Colorlab/DAO3032.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
Bindu Software/Colorlab/DAO350.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
Bindu Software/Colorlab/Lib1.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral5
Sample
Bindu Software/Colorlab/Locator.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
Bindu Software/Colorlab/MIO32.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
Bindu Software/Colorlab/Measure.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
Bindu Software/Colorlab/ScanS.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
Bindu Software/Colorlab/Spectro.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
Bindu Software/Colorlab/USBIOCOM.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
Bindu Software/Colorlab/WSC32.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
Bindu Software/Colorlab/X5VBDriver.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral13
Sample
Bindu Software/Colorlab/XYDRV32.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
Bindu Software/Colorlab/comms.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
Bindu Software/Colorlab/dao360.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
Bindu Software/Colorlab/haspclnt.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral17
Sample
Bindu Software/Colorlab/haspdev.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
Bindu Software/Colorlab/haspds_windows.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
Bindu Software/Colorlab/haspvb32.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
Bindu Software/Colorlab/hdinst_windows.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral21
Sample
Bindu Software/Colorlab/msxml2.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
Bindu Software/Colorlab/parser.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
Bindu Software/Colorlab/regression_dll.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral24
Sample
Bindu Software/Colorlab/regsvr32.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral25
Sample
Bindu Software/Colorlab/usbiocom2.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral26
Sample
Bindu Software/Colorlab/utility.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral27
Sample
Bindu Software/Colorlab/x2d200.dll
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral28
Sample
Bindu Software/Colorlab_Read_Me.pdf
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral29
Sample
Bindu Software/HASPUserSetup_7_80.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral30
Sample
Bindu Software/HASPUserSetup_8_15.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral31
Sample
Bindu Software/HASPUserSetup_8_53.exe
Resource
win10-20240404-en
windows10-1703-x64
Behavioral task
behavioral32
Sample
Bindu Software/setup.exe
Resource
win10-20240404-en
windows10-1703-x64
General
-
Target
Bindu Software/Colorlab/haspds_windows.dll
-
Size
8.4MB
-
MD5
d41928463aad24d826d9f87deac6277f
-
SHA1
0d6dce2c3ce0d747c4b0b522a71ebdc65786ea1e
-
SHA256
8dcb3932fffac482c56550a92e659ce2efd51ea71df66d7afe5bcdae6e84176e
-
SHA512
b81772a30694985dd4d322724a4209c4543abd9a9c005b2c75b60b3cb85e9b4be5b58d34de3b405189c64a3a39624038332938372d5c1d1772ea38b934263e3b
-
SSDEEP
196608:AZQJ6xs/f5fU0GEDSHv9kGPMIOmmCSTbLQsOfmh1ilWIQ:AeoxeQTHlkGPwhCSTD+o
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3068 wrote to memory of 68 3068 rundll32.exe 74 PID 3068 wrote to memory of 68 3068 rundll32.exe 74 PID 3068 wrote to memory of 68 3068 rundll32.exe 74
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bindu Software\Colorlab\haspds_windows.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:3068 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Bindu Software\Colorlab\haspds_windows.dll",#12⤵PID:68
-