Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Seven.exe

windows10-2004-x64

1

Seven.exe

windows11-21h2-x64

1

Seven.exe

windows10-2004-x64

10

Seven.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Seven.zip

  • Size

    1.4MB

  • Sample

    240430-b1n2ssha61

  • MD5

    f3d4e73db1f002bd9104088218321667

  • SHA1

    3e9334488fcefee12bada1587643b7f0bab90e93

  • SHA256

    5104b1b7985c530313751401ea69dbf9d8154f197d7c4af534ce8605beeb33b1

  • SHA512

    ddffbf427cbed43864e745888d6cee33a91cd6f3a64f34083cf22238683b491e7e2e8abba80ffbd11e1935591bfc55f3520cde24552e14cb9338169dd4a2d95d

  • SSDEEP

    24576:+3A6rQ6JUqjtBlw6dv2ImAoTFda/0vQyLVetvMRXG3FQksUqoKwpxteQW/enSX7b:+3AyJUqxDdvoK/0ny3ekbqorQQD4n

Score
10/10
evasionransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      1.3MB

    • MD5

      1f7090825cea66e6650e2c08df750bd4

    • SHA1

      abef7ba313d81b2ca3fa3c55621e1f5077057d19

    • SHA256

      0584db4656c638c0e515fa0793d3f174aa7f094615429f717029744e6299a10a

    • SHA512

      e186acf360fc2adc7e28fbd556f302c6273fdc3dc94516c2a1cbf1e30dd271e068892f3aa2fca03e92a48070cfa0777b70d79a59154bba843e7efa3d394a7a39

    • SSDEEP

      24576:owCzi6lcqjVdlwudf2oEwgjFNUJMvgSTVwhp6/dgbr4kU8qcUgxxFoSWv25p:ow4lcqxpdfg4JMt0b8kVqcjmSv3

    Score
    1/10
    behavioral1behavioral2

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      350273e0d2e8a9ba5e37b791016112a0

    • SHA1

      5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

    • SHA256

      27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

    • SHA512

      b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    10/10
    evasionransomwarespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables cmd.exe use via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Impair Defenses

3
T1562

Disable or Modify Tools

3
T1562.001

Modify Registry

5
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Defacement

1
T1491

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.