c07410c7c7108058993f52d95904ae107860de37c65eec124d08f96ecb68dd6d | Triage

Submit
Reports

Overview

overview

6

Static

static

1

wps_office_inst.exe

windows7-x64

6

wps_office_inst.exe

windows10-2004-x64

6

Sharing

General

Target

wps_office_inst.exe
Size

5.3MB
Sample

230701-y939eaag8w
MD5

44a568a2dc9f9ac1347e9ac1a0ccae99
SHA1

cd90bd84343455885178d6e0f4de62b72c28bd91
SHA256

c07410c7c7108058993f52d95904ae107860de37c65eec124d08f96ecb68dd6d
SHA512

513e96a767e34a50ba0e1be87e21771c8c1a855666a8a50e1136acf381aebde87711507a3d997c325839218dbee3775e8c5ebff41d9a2af9a62381b8d5f74fc5
SSDEEP

98304:rG68SvphgXraN+zRe1fuiEkdizoG5+x3dA3U/5Cdnx/7G4Dh:rLvphgLzReC18IS3d+g5C1ZV

Score

6^/10

bootkit discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

wps_office_inst.exe

Resource

win7-20230621-en

bootkit discovery evasion persistence trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

wps_office_inst.exe

Resource

win10v2004-20230621-en

bootkit discovery evasion persistence trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  wps_office_inst.exe
- Size
  
  5.3MB
- MD5
  
  44a568a2dc9f9ac1347e9ac1a0ccae99
- SHA1
  
  cd90bd84343455885178d6e0f4de62b72c28bd91
- SHA256
  
  c07410c7c7108058993f52d95904ae107860de37c65eec124d08f96ecb68dd6d
- SHA512
  
  513e96a767e34a50ba0e1be87e21771c8c1a855666a8a50e1136acf381aebde87711507a3d997c325839218dbee3775e8c5ebff41d9a2af9a62381b8d5f74fc5
- SSDEEP
  
  98304:rG68SvphgXraN+zRe1fuiEkdizoG5+x3dA3U/5Cdnx/7G4Dh:rLvphgLzReC18IS3d+g5C1ZV
Score

6^/10

bootkit discovery evasion persistence trojan
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencetrojan

behavioral2

bootkitdiscoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy