Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

PDFixers.exe

windows7-x64

7

PDFixers.exe

windows10-2004-x64

1

Resubmissions

14/05/2024, 06:45

240514-hh12zaea8z 7

05/03/2024, 22:15

240305-16pb7acb24 7

Analysis

  • max time kernel
    133s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PDFixers.exe

  • Size

    8.1MB

  • MD5

    b4440eea7367c3fb04a89225df4022a6

  • SHA1

    5a6c01f821f10f6ed1f1283ecba36c5bacfb5838

  • SHA256

    a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0

  • SHA512

    69c3a0339aa6d060845570527205136d4aa04b2f13b983e1e84a0d2d9a90e99ec827999a20c57e27a4c27d36e633bb264ddd95a43c03e47cfa3d9f6377e57e76

  • SSDEEP

    196608:qn1PLvFtljMRfLjjL4/Y8261NG9HTta83vm:qnZFtlIP4/Y7pO8/m

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PDFixers.exe
    "C:\Users\Admin\AppData\Local\Temp\PDFixers.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
      "C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:844
  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    "C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe"
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    15.3MB

    MD5

    c02dc2ca96fe9841963883c0fe177399

    SHA1

    7e42e66e9198c258da48a6194577e3dbd424463a

    SHA256

    290e4aa7ed64c728138711c011e89aab7aa48dbc1ae430371dc2be4100b92bf0

    SHA512

    d7acf551d0764fcfb9a895701679981f76b2ff73f99bce5da2c6c3f2f0556ee33f45d0d98848fee96a6ccfa24e09c26303705c5f094e945e647f53f7e4716faf

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    131KB

    MD5

    c0e9adcba5844e3fe5eb58042c984fcb

    SHA1

    9ef539762fefe7956cb53e58ec25d7f84270d231

    SHA256

    dc4f57ca48301f7a23448ff6ad2969c0784bbafbdeecc1fc1f98a623c03b0f87

    SHA512

    5f30c1ff992f4fc4117d9020c842bd8c75df27f5757277a1756a58ed09a5057e83e8829959c4472b796b20321d3b45a895a7b6f2a5e6c1470f454bee798fa447

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    130KB

    MD5

    c4534a9f25b6d673c6fa10a42fae37a4

    SHA1

    2ff6f66237599b5fbb0dfad5fe4698160e10de2b

    SHA256

    13cc6e6131f77b40542e14201d149bfba4d3b9e49904a3043c2ee958af28de91

    SHA512

    714a8b486e9b7bbbdc4bbb477bd02edae135269559244877deea5b19089aecc62dda1f411cb883e868f681bc805dcefdbd49f17f0466d41bad53fd90040c8e69

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    3.4MB

    MD5

    9a269a4d3a6d588e4f2a5fb521fb3aa9

    SHA1

    d5903f7e3988ad80ffff72223eb65c6f3bc3ab92

    SHA256

    d6fcde40ce9e39c728bf977fb5006368d6d5b92f5d4c41d705e8a310b9daa642

    SHA512

    dda415d1e74655f039841ebec5db2b6289ad2c97eeacea54082763382d47a0e969a3d96267b8658324a1fe761635c7b0cb235832a5fc8906a63f59106668f5af

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt
    Filesize

    2KB

    MD5

    47ccebf5ced4c39f07325866f337a31e

    SHA1

    126f4e4bf5e442ea5b71fdac050c7eef3353c41f

    SHA256

    c88e314b80394c3d0b589f97f1cd78490459084e5beb66d0d0599cd45e5ca3cf

    SHA512

    de98c5b3120dd3c0bc4804fbb3209a2a59ac0d94a1e10b06ba4d46544723e64cadf46c417e33a1e3ebd2d557c5f8f6f0abdedf02bdbdd6a4bbe8d4978dcad1a4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt
    Filesize

    3KB

    MD5

    4c5f8e095854162cbd9e3d1e61eaa825

    SHA1

    f5f1f2dee20e0ce33959bf84f5f729e7d12e6a54

    SHA256

    dd498f4c8daac30c8e245a70136af4d9a8981b8a2fbd3ee3703663f3fbe381d9

    SHA512

    f86672c7be5a0e60dcda537a9e6a703e21ae86e0d68e5122c83f722d68145c480b1d23f51c41e2bd7fb819ae54b0bc82db3cafb2dd3f59c61ccd42e522954817

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-settings.txt
    Filesize

    2KB

    MD5

    4f0661713a1f4a5dda177d2abb6502f8

    SHA1

    aa403d626f1568feb50610c3bd1737a6853ef7bb

    SHA256

    7b72f38677672430d2f81145fa4ab5aa783c18f12c876d5089cb1ece7050b77e

    SHA512

    4f6c5e8abb239658b1682da4d50e2faa4a790859ce97ad2489339d58af6033322bf91a055c341c0668eb25cfc9eb2204e39f46259936a5ae1b503443dec2cbd8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\SumatraPDF\sumatrapdfcache\f6f30c9e6f812047c347827ccdb99a43.png
    Filesize

    997B

    MD5

    cf046df557df090e6c6fd887fdb5854b

    SHA1

    540f9b86af1bb664061deb1e51fe59d2057f875f

    SHA256

    10f49d2811ff27e9023d808ec2d9b5fab32e5dd1afc72423a4200f61c0ccc873

    SHA512

    09d9086bede35e84316d7d8bf73f8066170a7198fff7b689a93f122936f13bb2cc8fa8ccdb155f33d18a3a7bf7d6183fdc3b2aa5f3cf3ef9093a4f60a8d3c908

    Download Submit

  • \Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    1024KB

    MD5

    79c00ca3900d4cce4f78246b3eb10792

    SHA1

    ac287984349be735214f894197cd2561dee0ab1d

    SHA256

    11e0cab258b248da7e413076ad3075b629dba694dd38ac2c5df296c45186ffe2

    SHA512

    6df49e5f960b4285bd5c66f5fb04f29bb664fa3b25d07450bdf0a45758de53a21b99f48f9581412ae7dc515e1fcb8e1ecdb80b1c1c0dd64797018ee41a348012

    Download Submit

  • \Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    103KB

    MD5

    b1027aefa97f4a45f6a668c3bd82106b

    SHA1

    8b534a428af2c51d2bc13ef1dae23acc2ba0fce4

    SHA256

    c9d1dcb7075bbd1cb64d125d0b8899d071eee170c5837e08d17b14c6a966a526

    SHA512

    472d11e59628bcc72ab8a2745cf4360682bb7e4d681b789e7a22ce878b95f14e4cac8aed62348f1d480a69b8e95673e5752f3cb518505ccd960f64a65d162058

    Download Submit

  • \Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    2.1MB

    MD5

    4771e383bf39936ecca9dacdc1a74954

    SHA1

    c83788bca34e232a9e3aa62286ada1941da75f28

    SHA256

    e63af1418727b2b29575aa66c1a38534f017b796a4513298841696d3757ad9a6

    SHA512

    887f93a56dc348363a33f9bf97d3f993d8db785aa1645f4ecb3bc1a28daa567aaecaf5bc6ac420655463234dee9df7c5cbb089d45a788882820edcb43694cae8

    Download Submit

  • \Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    2.0MB

    MD5

    a3e71695102eb38a943164d4d9dfda22

    SHA1

    9d53a90b856e3cfbc765daa3e4f55177d9b275bc

    SHA256

    fee6d4f7e3bdbd0a498cdeaacea9d4baf2a51fb6756d2022867f6fea643dfc5f

    SHA512

    fd7f9add1d25e1e8d6a6b18584fc5be9ea27915685cb10a24b470586e767ad797b184e264fa86d6178a5b1fe5a8eaab18785bec5beb7ad63f0924e321dfdce22

    Download Submit

  • \Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    2.0MB

    MD5

    f05a4942653521a442b1e5086971cd0a

    SHA1

    16d98f806748a6a33f086d8d61dfe3302f76629f

    SHA256

    09a70cbe68f4e79caf0f2be3c89bdd0e25b5c1149f996304b865096354fac0d1

    SHA512

    b059cece30f167c59ce46a5e5eaf41470809e3615ceb9e6f705b75531d0a2f321fbd30100058679040bd590bf721776d6fa883f7d39dd6615477d8d3c72e61d3

    Download Submit

  • \Users\Admin\AppData\Roaming\SumatraPDF\SumatraPDF-3.5.2-64.exe
    Filesize

    2.2MB

    MD5

    4809c7dd80e3ece1e0652e33cefa2062

    SHA1

    8bb750506cecfc987d351c5dce41d465bd454d78

    SHA256

    8393de79b6cb91983051a54c48d6ef4052c56d0f3aabab4689e2987963850c43

    SHA512

    5a6402f8608537cf9a92104abad8a431ae9e6a083038351e4e507218d6d62007268e027a9721b70a058075c9370c4ecca01a88c90cdf1b5940846388d32ca375

    Download Submit

  • memory/844-89-0x0000000004650000-0x0000000004651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/844-86-0x0000000004660000-0x0000000004670000-memory.dmp

    Filesize

    64KB

    Download

  • memory/844-87-0x0000000004650000-0x0000000004651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1516-117-0x0000000004A90000-0x0000000004A91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2936-53-0x000007FFFFEC0000-0x000007FFFFED0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2936-85-0x000007FEF54B0000-0x000007FEF5E9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2936-4-0x0000000023AF0000-0x0000000024296000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2936-107-0x000000001BD70000-0x000000001BDF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2936-110-0x000007FEF54B0000-0x000007FEF5E9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2936-3-0x000000001BD70000-0x000000001BDF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2936-2-0x000000001BD70000-0x000000001BDF0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/2936-1-0x000007FEF54B0000-0x000007FEF5E9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2936-0-0x000000013F6A0000-0x000000013FEBE000-memory.dmp

    Filesize

    8.1MB

    Download