General

  • Target

    Seven.zip

  • Size

    1.2MB

  • Sample

    240427-jkweyaef9w

  • MD5

    ad6fddfa06736e68c17c9c6ecf3e5841

  • SHA1

    64cd59cafc384c09364bc4e203ed626f60f00d4d

  • SHA256

    58143816c27f8b0f8b22229334347ba8e9b99461432517599dd848daf16b5a5a

  • SHA512

    2a40384e4c26d758db2f14d8a4aee8a53480602f91f6bd42de917793fa54f4c7a75995dead2a327eee7b5cb2e7bd4c9fef05e5fb88565a6690ed1599d208a43e

  • SSDEEP

    24576:Cdqz4+i7bMyQV40v4qjv3lgIt4AOpxQHILJX8hfynKCCK9Ih:Cdu4bcuu4qxtt4ZpWoqk0n

Score
10/10

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      1.0MB

    • MD5

      4be28a5306ac444f1d95d85864d80814

    • SHA1

      a55b89ad1d64b751c97358e03beb01cb8efaaf37

    • SHA256

      059f809ae45fdbebf9e23f29b505082f1275dd4cec132ea3ba2f1f1cc739957c

    • SHA512

      c3c4428ab48d2d02bb2ec5f18e4f0cecd382c23eae08fdf303f3bc8e9202ce2ee4f80ad763d5995257a8d381f44d0a4aa49b786a66d957fd730efb18f6c379a1

    • SSDEEP

      24576:2FkIi35+mCVUWzUqjv3lmId+8E9WNoxl5Gmfe5wqwWn:Ck/y2CUq5bd+V9WafAHw

    Score
    1/10

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      350273e0d2e8a9ba5e37b791016112a0

    • SHA1

      5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

    • SHA256

      27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

    • SHA512

      b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    10/10

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Windows security modification

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                          ID          Count
Persistence           Create or Modify System Process    T1543       1
                      Windows Service                    T1543.003   1
Privilege Escalation  Create or Modify System Process    T1543       1
                      Windows Service                    T1543.003   1
Defense Evasion       Modify Registry                    T1112       2
                      Impair Defenses                    T1562       2
                      Disable or Modify Tools            T1562.001   2
Discovery             Query Registry                     T1012       2
                      System Information Discovery       T1082       1

Tasks