General
Target: Seven.zip
Size: 1.1MB
Sample: 240428-hmwytaad54
MD5: 32a9eba846aea5477673a46af2f50023
SHA1: ee9d56474daa7f1ddb6a1dd2079940dc6565c842
SHA256: 39516c7bdd3c006ec3eb4a42285fa0675a6edf52ed485cdf811c8914a4317be6
SHA512: c2fce5bec8deace1a9782f142f4650287bd8c0d5f13346b9355eff9502815128a2bdd8e2839282a083f728c14dece8d0f5deb10d074942c7c5243297994d4f98
SSDEEP: 24576:rwFqafIbZohUif5yR0+ZWVqq9h7lA6d2hwfmFHxEHQGcAKkV2:rAINuPYDZAqqZjd22fmHDGc/
Static task: static1
Behavioral task: behavioral1
Sample: Seven.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: Seven.dll
Size: 1.0MB
MD5: 50df868da978da98e8a15dd4b7d14bd6
SHA1: edf65dbdf3728f0f10eb2f60a1f089cfa262f94c
SHA256: 03f91ed49beabfdb82617be45394f8693e0f5fd6193e2b9ea14be9a3561e54e9
SHA512: 58abbe384e547b40edd7312c7df42e890f98c39e3ad3080f98176ec4a8c5585ca0d0a61957592e19c11787990a238a906f3c885a7993179cc44bab0ecb05d5f4
SSDEEP: 24576:qAiJa1oriiB5+REKRW1Iqjh9l06dKhSpgRhnkHaGcAiCXl:VSv0lRoIqlfdKwpgDTGcO
Score: 1/10

Target: Seven.exe
Size: 139KB
MD5: 6503f847c3281ff85b304fc674b62580
SHA1: 947536e0741c085f37557b7328b067ef97cb1a61
SHA256: afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
SHA512: abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
SSDEEP: 3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct

Blocks application from running via registry modification
  Adds application to list of disallowed applications.
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Disables cmd.exe use via registry modification
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Abuse Elevation Control Mechanism: 1
  Bypass User Account Control: 1