General
-
Target
Seven.zip
-
Size
1.1MB
-
Sample
240428-lf6ffscf59
-
MD5
869343769f797106c86afa7688d1d37a
-
SHA1
c379e7477387e3b132f9ec665b028e2e5fa41456
-
SHA256
aab79fbfd65ae83447621a5952aacab57477f589cb2048913415c6d170fffe35
-
SHA512
bd95abd76741c4aed288c88a39a7aa063f85fce461f68852c079db121c9c4c85f99bdef4bcf913ec492647f997fdb5d7dafd994a77fb08bc93567f06df067415
-
SSDEEP
24576:wyRFaTmqhvQ+if5+Oc1WXMqlfzlygd6jLTELuW0JU9VxuGloe:wydqhvQ9jc1eMqfnd6j/EKWuM/
Static task
static1
Behavioral task
behavioral1
Sample
Seven.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
Seven.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.0MB
-
MD5
d7eb18895e60f0e5190e1b53f527a0da
-
SHA1
476ba06ae3c331a18a8861cda7246b20c4fe399a
-
SHA256
954aa3babc12a73f8e7fcf2838e837734f86bd9cd60fefc86a6f41f8377801e9
-
SHA512
75d57b288b4c5ad0f5009b9613d53746b5a2ce416986779f8b848d7ed14273e12db66bdbf77d83cc90db063e4b2843edb506e66f53cc20c325c4e83f6debfb48
-
SSDEEP
24576:rAiJahluciL5a8cZWX+qjfblGgdgrLzO9AyudA95xm0:8hlunTcZq+qlTdgr/Oay6
Score 1/10
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
6503f847c3281ff85b304fc674b62580
-
SHA1
947536e0741c085f37557b7328b067ef97cb1a61
-
SHA256
afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
-
SHA512
abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
Score 10/10
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Change Default File Association (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Event Triggered Execution (1)
Change Default File Association (1)
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)