General

  • Target

    PDFCreator-4_4_3-Setup.exe

  • Size

    38.9MB

  • Sample

    220927-nlkgaadch8

  • MD5

    5e0edff7f36e76b8b053e60b9b728950

  • SHA1

    4e79fbe4170179e490d4df5da31ac119983d29de

  • SHA256

    05f06f778672ad3ef34420c40919a13d6c27bdc6b4988e87fd8004fe50325f1b

  • SHA512

    790a019e6aef3b8fc2ee1dfbf4aeeef89613d8ca01676c3dca5216381749ab6c6c624bbbd693000764b3b9f372941f4c6b78746b4a2f6e57d05a246c68b93acc

  • SSDEEP

    786432:+xrP36kXLiiSygkq+QlsT/cB6v424fY6BUM2n6eNnM2JcyNOP:+NPDiLkKeLy6v42WWn68nM2JcY8

Targets

    • Target

      PDFCreator-4_4_3-Setup.exe

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
