05f06f778672ad3ef34420c40919a13d6c27bdc6b4988e87fd8004fe50325f1b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

PDFCreator...up.exe

windows7-x64

8

PDFCreator...up.exe

windows10-2004-x64

8

Sharing

General

Target

PDFCreator-4_4_3-Setup.exe
Size

38.9MB
Sample

220927-nlkgaadch8
MD5

5e0edff7f36e76b8b053e60b9b728950
SHA1

4e79fbe4170179e490d4df5da31ac119983d29de
SHA256

05f06f778672ad3ef34420c40919a13d6c27bdc6b4988e87fd8004fe50325f1b
SHA512

790a019e6aef3b8fc2ee1dfbf4aeeef89613d8ca01676c3dca5216381749ab6c6c624bbbd693000764b3b9f372941f4c6b78746b4a2f6e57d05a246c68b93acc
SSDEEP

786432:+xrP36kXLiiSygkq+QlsT/cB6v424fY6BUM2n6eNnM2JcyNOP:+NPDiLkKeLy6v42WWn68nM2JcY8

Score

8^/10

discovery macro macro_on_action

Static task

static1

Behavioral task

behavioral1

Sample

PDFCreator-4_4_3-Setup.exe

Resource

win7-20220901-en

discovery macro macro_on_action

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

PDFCreator-4_4_3-Setup.exe

Resource

win10v2004-20220812-en

discovery macro macro_on_action

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  PDFCreator-4_4_3-Setup.exe
- Size
  
  38.9MB
- MD5
  
  5e0edff7f36e76b8b053e60b9b728950
- SHA1
  
  4e79fbe4170179e490d4df5da31ac119983d29de
- SHA256
  
  05f06f778672ad3ef34420c40919a13d6c27bdc6b4988e87fd8004fe50325f1b
- SHA512
  
  790a019e6aef3b8fc2ee1dfbf4aeeef89613d8ca01676c3dca5216381749ab6c6c624bbbd693000764b3b9f372941f4c6b78746b4a2f6e57d05a246c68b93acc
- SSDEEP
  
  786432:+xrP36kXLiiSygkq+QlsT/cB6v424fY6BUM2n6eNnM2JcyNOP:+NPDiLkKeLy6v42WWn68nM2JcY8
Score

8^/10

discovery macro macro_on_action
- Downloads MZ/PE file
- Executes dropped EXE
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverymacromacro_on_action

behavioral2

discoverymacromacro_on_action

© 2018-2025

Terms | Privacy