General

  • Target

    Seven.zip

  • Size

    1.2MB

  • Sample

    240427-jvcqksec75

  • MD5

    561cc36e73f621786fc14ceb0e6d1037

  • SHA1

    514a6489b9a274ae4501d1bf54c5e5d1ddf75a07

  • SHA256

    d4f1ce4aee6f0fda2e1761fe0205639d3763e07809521a2abd1a7c33f61fdef1

  • SHA512

    2db4a3940ea40f38352a92fdd18a66c0bf8edb99ae7f1d2d04c4b9799a3bc8737b2787b0c1cd7118653c3a1559e78d7e039af8d4f95a37447374c6d04ce41324

  • SSDEEP

    24576:CdAPSCitbkcGVGIdyqjv3luIRI4U/EPmvlvqhfOlKusbSIWPfTw:CdqSxQ8YyqRTRIH/E+uqKzmE

Score
10/10

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      1.0MB

    • MD5

      78d11fff81213798978db07b9a300fff

    • SHA1

      9b0f28281a2af76cdc0f512ba004b507a3e46090

    • SHA256

      a2a8005d8b21240ec6bb33708bbfc1390d709731ab9b2c737992d43e65317b54

    • SHA512

      35a6cef6fdcf1fee978f2378689b7d82588f507af18b6e2f075c41f0d0a555fb4aebf8bcbfcb56d136884463a0b43ddcb76d5a7f6cd4ba02a8740847c15480bb

    • SSDEEP

      24576:iFkIi35+mCVUWzUqjv3lmId+8E9WNoxl5Gmfe5wqwWn:mk/y2CUq5bd+V9WafAHw

    Score
    1/10

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      350273e0d2e8a9ba5e37b791016112a0

    • SHA1

      5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

    • SHA256

      27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

    • SHA512

      b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    10/10

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Windows security modification

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Create or Modify System Process (1) T1543

  • Windows Service (1) T1543.003

Privilege Escalation

  • Create or Modify System Process (1) T1543

  • Windows Service (1) T1543.003

Defense Evasion

  • Modify Registry (2) T1112

  • Impair Defenses (2) T1562

  • Disable or Modify Tools (2) T1562.001

Discovery

  • Query Registry (2) T1012

  • System Information Discovery (1) T1082

Tasks