3066d8aee375735ae180cd83974d6a72f98489736e59333798e458e383d2b718 | Triage

Submit
Reports

Overview

overview

8

Static

static

PDFCreator...up.exe

windows7-x64

8

PDFCreator...up.exe

windows10-2004-x64

8

Sharing

General

Target

PDFCreator-5_0_3-Setup.exe
Size

37.4MB
Sample

230125-qsdnesgd26
MD5

c3441267a4f584f649c9154a2442057b
SHA1

dddde15b0ab014f81a9cec227101843a3da9bead
SHA256

3066d8aee375735ae180cd83974d6a72f98489736e59333798e458e383d2b718
SHA512

3dbd9d39eb4011e92c225ae4b990ab7be371c5becb808f68a2aa91b5cd699bdb9b7f4b1f8e6762713ce22dcaa81e90cdcde481e57904f799dcc46843b67da9cb
SSDEEP

786432:8xqKeUCAOBiFZl2VtgCVS5kyoUoPQJ9XWwEkwgLKaYqRAS:8teNpiItgp5kyoUoo8pgLKaVW

Score

8^/10

discovery macro macro_on_action

Static task

static1

Behavioral task

behavioral1

Sample

PDFCreator-5_0_3-Setup.exe

Resource

win7-20221111-en

discovery macro macro_on_action

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

PDFCreator-5_0_3-Setup.exe

Resource

win10v2004-20220812-en

discovery macro macro_on_action

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  PDFCreator-5_0_3-Setup.exe
- Size
  
  37.4MB
- MD5
  
  c3441267a4f584f649c9154a2442057b
- SHA1
  
  dddde15b0ab014f81a9cec227101843a3da9bead
- SHA256
  
  3066d8aee375735ae180cd83974d6a72f98489736e59333798e458e383d2b718
- SHA512
  
  3dbd9d39eb4011e92c225ae4b990ab7be371c5becb808f68a2aa91b5cd699bdb9b7f4b1f8e6762713ce22dcaa81e90cdcde481e57904f799dcc46843b67da9cb
- SSDEEP
  
  786432:8xqKeUCAOBiFZl2VtgCVS5kyoUoPQJ9XWwEkwgLKaYqRAS:8teNpiItgp5kyoUoo8pgLKaVW
Score

8^/10

discovery macro macro_on_action
- Downloads MZ/PE file
- Executes dropped EXE
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverymacromacro_on_action

behavioral2

discoverymacromacro_on_action

© 2018-2024

Terms | Privacy