Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Seven.zip
-
Size
1.4MB
-
Sample
240429-w6aftahe45
-
MD5
467a3713c2d08ab9403633b43db8ecd5
-
SHA1
1cd81a4369cf41bcedf8a45a56f0c3c48010d9ca
-
SHA256
5b1a7502313ba6d09582086c800b3f4cffda294bcb3546c505c8c9ea9aca6722
-
SHA512
f3b06fda5103b2e1ed1f3cae2538df33132b3e74ea0cb5b164453c24d2abfd3cf0467f4057b6d0ab64e84f13c3aa338c83f28d88ce728699fa3221e570f25bf7
-
SSDEEP
24576:YW5FFbAybZEolmOpmqjvjlQg3wIsmmlHvCgzhv/BpSMzU+GBiAwGumsUAUI2uzXu:l5FzFtmymqVV3wSm7zhRuBXlsZUIQ
Static task
static1
Behavioral task
behavioral1
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Seven.exe
Resource
win11-20240426-en
Behavioral task
behavioral3
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral4
Sample
Seven.exe
Resource
win11-20240426-en
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.3MB
-
MD5
4061c3e1375f90dfa022f53cf608a20f
-
SHA1
83dacf3737189a6bf5c5eefee505eae6c7b555c6
-
SHA256
a65face7b91daabeba328d0cd7f9a7ea6073e1d6c20f80f4b5db2d0a487eb426
-
SHA512
a5fe88731677fb75b747ac7961ec9604ec88d8ffbca76a0f8b45d3d9cacc8f5c48c7a4f6eb0a7baffc8f87a043c763a8db2bf8b1c2e18d7d935c74b39a3df543
-
SSDEEP
24576:C5ZlbiyR5oGlMWrEqjvhlygduUy0uTHfCM9bvLnpY8Ni+wBIewsAmqUCUcuUth9k:C5ZhnFMKEqb3duGux9bDI/jhq1Uc
Score1/10 -
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
350273e0d2e8a9ba5e37b791016112a0
-
SHA1
5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
-
SHA256
27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
-
SHA512
b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct
Score10/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1