General
-
Target
Seven.zip
-
Size
1.1MB
-
Sample
240428-hh3wkaae2t
-
MD5
7fec716db78e23913a99573d2148f646
-
SHA1
0fd82a28e1c7ab1a15676048e14ea2b8f33fc830
-
SHA256
870f13d017be42e5fa49a7f5d30f59616aa3daca850fa4d91c036e165136902e
-
SHA512
924f7247e1d258e86c53bc6643e37bc1f24b89ff1cea50d833d3966bc3da4a1eea18f55eaace1d11a64f597cfac60a4486a1ffd65b00ffac94d66099aed6d74a
-
SSDEEP
24576:ryGYsLLGPTTKqUkiP5wV4vMWFWqhXxlcUdAw2GmJx+lyh6Uds+lQRA/9:ryGYsLsTKlv+4vMwWqZZdAw2Gmz+s6RK
Static task
static1
Behavioral task
behavioral1
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Seven.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.0MB
-
MD5
a7a5141767a0fe23709153cc0f7bc1d9
-
SHA1
5391c74653de7aec6c0e00d342da9ef607e07081
-
SHA256
f9fac8cfaeeb0800506c812133c52d6e4db2c1de50aa1ca4738f0acd48d8a8e1
-
SHA512
444c039841f5d404b06c9a85c814313b283bd6729577603a5ebe019c7a4054b6df1325010268cec3403b84ac14a5c49e26c4ed6837633d4c7ccd8b826b066801
-
SSDEEP
24576:TAiJ82QUait5iVavuW1wqjXtlOUd6QyemnxYRehE0L2AtC3Z:u2Xj0avuQwqnjd6QyemxYwEbp
Score: 1/10
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
6503f847c3281ff85b304fc674b62580
-
SHA1
947536e0741c085f37557b7328b067ef97cb1a61
-
SHA256
afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
-
SHA512
abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
Score: 10/10
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Change Default File Association: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Event Triggered Execution: 1
Change Default File Association: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1