General
-
Target
Seven.zip
-
Size
1.2MB
-
Sample
240427-wfd2baea9z
-
MD5
a72336edd5d9f0da269abbd862406234
-
SHA1
39f957725cb0e85abab6c4f2188ad4ff55bef1cd
-
SHA256
d046509643c31ff14225040381d3a5673c61c85c3807da8ac308385f2ba734b6
-
SHA512
e0dfac8da595f40346e9260568cbdc927507d52dd2351c0f272fd01f0016122e0b4487757a5c2fdaf53b31c65caac39b194559bda9a4d81a062148585a677353
-
SSDEEP
24576:tV0bqluRQIzeib5A4XTTW16qxdnl4udyGQNWPty9EvPzkeyp8klFAWE:tV0bzzZPXvw6ql/dyGQN4y26pvQT
Static task
static1
Behavioral task
behavioral1
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.0MB
-
MD5
944552b2c4a86bdd0effcba5ca8a4797
-
SHA1
6890390a1e59de4a9df4f978442a437527ebc036
-
SHA256
010f0893a84fb7531c08d62c56fc5ae8d589ba8cad7e66ab5670bbde1c751da2
-
SHA512
9b248e63b9dd43796aeefba532e34db96226e6098ec09e0fbb2b480373ac9aacada24a6d5adb1410956423435406091cdebc2032739635f2bb948a3b13fcc8f3
-
SSDEEP
24576:uAiJkG5Qi/5i4lTvWVsqjdfl2udiqYhWh9iDG/FjciUp8kR:a5XZljUsqT9diqYhKiigpvR
Score1/10 -
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
6503f847c3281ff85b304fc674b62580
-
SHA1
947536e0741c085f37557b7328b067ef97cb1a61
-
SHA256
afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
-
SHA512
abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
-
-
Target
runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll
-
Size
127KB
-
MD5
9fb98981ec44d65d5a8fd867d7704dfb
-
SHA1
7558a89c885ebad2fe4fdec28c1eb7235a751c7d
-
SHA256
351f8619c3dafbad38ac8c89349b4c15073a944b2906b42cc7efe6353d21a985
-
SHA512
b0226ad2487ee124953205079f7d13efdd8c4ec92a184a5687607ce78022ce5899bf079aff7a04685b5c44798483642f0996871ceebe094d8965d6ecf1833576
-
SSDEEP
3072:GH/D1R8EYgMivs+qA8fb/+kPbPH5+LKlwnO4S5llBkQ7cEZ7A:GrQLgMivs+qdb/+kPl+4p4Sb7HZ7
Score1/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1