General
-
Target
Seven.zip
-
Size
1.1MB
-
Sample
240428-dxx7eafd3s
-
MD5
78376e4346630ad3c2c9e3ef35db515a
-
SHA1
9de38dc047cc4aa12732750f34f3e651af33bd30
-
SHA256
b0e3808bf9077c0166ad7954422dcaf55bcc9f3e918583af49d8a1f1b6a86624
-
SHA512
e01b20ed84825f39e8b1b95d851757adf992c8c47649fd5b71307a09a40b44b34db51b73cc3dda0a63b6331e436d34ab2daeb33fb9619f115a8118791c673418
-
SSDEEP
24576:r3NiMLLGPTOISiZ5klvWPcqHZllScdGWxkKSZIxtAxgE9jA6mU3wtx:rMMLsOInU+cqtfdG3ZIHVoj3C
Static task
static1
Behavioral task
behavioral1
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Seven.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.0MB
-
MD5
5085a3287ace94a94b9275b28f36f2c9
-
SHA1
a76b4c329debda0613184d99ef4be5c55b285d49
-
SHA256
c2be652db3cbe9114821f93f80a5feff21508b25cc0ae86fb7a00644283447b0
-
SHA512
74a8ef9ae978e7e756df7646dd72e93ad01e07a160310e89f44fe0ae3c75d3cb36a850a35966e4459d547421e055151e68df5098db4f6fbb7b9401f5fec57a4c
-
SSDEEP
24576:vAiJPI6iR5gpvWh4qjZjlMcdYCNkK+j41ZQJ0AXP0UzU3:VIXe84qDZdYxj4v1/3
Score 1/10
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
6503f847c3281ff85b304fc674b62580
-
SHA1
947536e0741c085f37557b7328b067ef97cb1a61
-
SHA256
afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
-
SHA512
abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
Score 10/10
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
Privilege Escalation
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
Defense Evasion
  Abuse Elevation Control Mechanism: 1
    Bypass User Account Control: 1
  Hide Artifacts: 1
    Hidden Files and Directories: 1
  Impair Defenses: 3
    Disable or Modify Tools: 3
  Modify Registry: 6