General
Target: WPS Office_12.1.1.exe.vir
Size: 350.9MB
Sample: 240809-jp7zjayajn
MD5: 18ffc2a9a2e45db4188a8ec632e8ac9b
SHA1: 57998f5f51796f2e225abd50bc6c94c8023649de
SHA256: 6997d3ef9707fd9b38ca14ae785c5eff641a909d29a1777fe9d18df8ae2dcb7a
SHA512: de2b83eb8599bc45c911fce457cb38b9049b3077c05290530649f58d413c699a1e51f2cdc17f4da9b6ae4d3b30cf7b15d8716de6b5dce2af6a7ef6fa5159e11b
SSDEEP: 6291456:y43ehrvHTVOE1n6nSXfhO2d8nPkWvGmGeSIgAaeavINP8pIDzC97TJ42Vh1ovNET:+hrvHTV56ahO2d8nPpemeXv+UqC9fJ4a
Static task: static1
Behavioral task: behavioral1
Sample: WPS Office_12.1.1.exe
Resource: win7-20240729-en
Malware Config
Targets
-
-
Target
WPS Office_12.1.1.exe.vir
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Impair Defenses: 1
    Disable or Modify Tools: 1
  Modify Registry: 1