Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Seven.zip
-
Size
1.4MB
-
Sample
240430-cc2hnahe9x
-
MD5
50f553295a4451e0bd7607acb491c732
-
SHA1
03eafe0b8b1335dbfdaadb0743c6ba0b4eb7af41
-
SHA256
276a5903dbc07e0200bb6206fb03ea67e8d8a05056426d920a781a12e0a90ac8
-
SHA512
cec22d9d61ef27190772a4e5e8182c8b80d8d4d28d82b494eeba4b8af745c53f45acb15a0b4b3c5ba71f0ea34ba02e0e3055fe680db4cd45223a96e096a83fc8
-
SSDEEP
24576:oZ+U7Y/KEHEqjpbl00FjsckGXFPsEzYvQZ7VmNQQMzE63tgsgmYWJcz5ZfWrg3b6:ub7YHEqvRFHkGZzY8O63WstYWGh3L6
Static task
static1
Behavioral task
behavioral1
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
Seven.exe
Resource
win11-20240419-en
Behavioral task
behavioral3
Sample
Seven.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral4
Sample
Seven.exe
Resource
win11-20240419-en
Malware Config
Targets
-
-
Target
Seven.dll
-
Size
1.3MB
-
MD5
b5354db7c3200ccec55fd08c45871d59
-
SHA1
ecc498dcc425d9d803dcd0eec5efba18c654fc58
-
SHA256
90d1ad22e058d66acca5e10b5095d857fcb295143d4538930650765eaa25367d
-
SHA512
58a26c369977bc4fe735dfad9abf062a16fa0f2af3decf92f71339c374751ebfc8e4760ddd01266fc70bfe4bb56b936140e776a742a2b188d7a692029ba627c7
-
SSDEEP
24576:SL+2hCliElgqjVXlwuFd60yqRFnAYj0vopTVIf86gxg23b+sUAYczkP5f/WRmJ4:SLPh0lgqzpFFyqbj0CA23yshYcIXbm
Score1/10 -
-
-
Target
Seven.exe
-
Size
139KB
-
MD5
350273e0d2e8a9ba5e37b791016112a0
-
SHA1
5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
-
SHA256
27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
-
SHA512
b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
-
SSDEEP
3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct
Score10/10-
Renames multiple (257) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1