General
-
Target
Seven.zip
-
Size
1.1MB
-
Sample
240428-kt8x3acc7w
-
MD5
5513b83f507934d74b988542e63ba633
-
SHA1
4bd52e03f663e5f29b3763681cfb45250f271758
-
SHA256
88caceb5de47c576e4fc6ec0695f4502fe7a7216afde0ff20956c579b6861bec
-
SHA512
0e20fa4492fa2ed386812fc9c8bddf4c5ad5f502a0d22fe33ecdc81c845a2c10b56adb822253d5e464d643c7db6242d5c8a24f5936cfc7ab47f098cd13dc88c1
-
SSDEEP
24576:r5jqg4vznGqUir5MdtWXgql7FlyWdKMTaamdgb9qrKOOaXyW/5N:r5jqfnFLgigqtldKMTaam6bAr5/L
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.0MB
-
MD5
07d40e30d277c12b72c234610d43d9bd
-
SHA1
b868ba873fa9e868dbe8286bd9278f2259d2a5ff
-
SHA256
1f13955327e079c9d554ffdc22fb364588e08ebd1f0a2e66727de0d683418bd7
-
SHA512
33428b92fc2d7cb8196f12df939f1650c7ff7e1f0fe0dd3ec279358b244128fab2d30c904a5da59d287d8f63a08bb102e50c4276b93c602369d1baf3d189db11
-
SSDEEP
24576:TAiJqGqEiZ5ux7Wpuqj7NlGWdQCfagITUnLq5AAmu0U:kF5O4uq7xdQCfagIAn25kU
Score1/10 -
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
6503f847c3281ff85b304fc674b62580
-
SHA1
947536e0741c085f37557b7328b067ef97cb1a61
-
SHA256
afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
-
SHA512
abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
UAC bypass
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-
Checks whether UAC is enabled
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1