Overview

overview

10

Static

static

3

Seven.exe

windows10-2004-x64

1

Seven.exe

windows11-21h2-x64

1

Seven.exe

windows10-2004-x64

9

Seven.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    78s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 02:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Seven.exe

  • Size

    139KB

  • MD5

    350273e0d2e8a9ba5e37b791016112a0

  • SHA1

    5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

  • SHA256

    27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

  • SHA512

    b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

  • SSDEEP

    3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

Score
9/10
ransomwarespywarestealer

Malware Config

Signatures

  • Renames multiple (249) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 7 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Seven.exe
    "C:\Users\Admin\AppData\Local\Temp\Seven.exe"
    1⤵
    • Checks computer location settings
    • Drops desktop.ini file(s)
    PID:2516
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1428

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fadcd841-1261-4517-ac09-1289a2098b6f}\0.1.filtertrie.intermediate.txt.420
            Filesize

            16B

            MD5

            e8aaa566651759e399714d464cdfb390

            SHA1

            373942a3618c8d5ff0ba8aab8e22d4a64e5641ae

            SHA256

            1a4a61c3ade192d7f35bb5879ba1493ac39369579eaf9f73c72c44a9ecfa3a6a

            SHA512

            23f835ffc6cfa06b864ee0f945dc844cb88aa1b0ab3cf2d0f8bf616c9a7446a563875ebd04f1b23d86d5a20ccc1a2cacd3e199c228cd73e8652c6f9e34b55ce2

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{fadcd841-1261-4517-ac09-1289a2098b6f}\0.2.filtertrie.intermediate.txt.420
            Filesize

            16B

            MD5

            209371fb985ae536f7a01b2cbf06fdeb

            SHA1

            6e5d735e5a6aef442f3342931eaf47d505763578

            SHA256

            4cef54ede857b123a2b675fdce8147dbcc1a7c4d471ec5bfd8791f9e2ad9c0b3

            SHA512

            53203c3447837fc04d0114f282e5b1efaeb1e81a90a9d50bd6384bd44823ab70c37f12aca73a52f803ba61a11ed3d7fd05ea04f79fc969212dce946df89b8bbe

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579838515694078.txt.420
            Filesize

            77KB

            MD5

            ccd6899680ab969cf8307cf47dd4f4e8

            SHA1

            2c59cfa65c4365a9296dae439358d8642ae6f3c0

            SHA256

            017f27ce648318c3d6f3e763bef01ae0375d1d606865a9b442d97ac7db4a0f74

            SHA512

            6e3f92ad5bc44810d0db428e05aeb5d174bf7b0d0546dba679ecb5e5afdb8e37b13c32101ced5f3f39690642d78be556f77d11ac4509e7ffb5b07930e79cd001

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579839873338736.txt.420
            Filesize

            47KB

            MD5

            a1a3feea7a332f9e97a62bc975eb8016

            SHA1

            1b28c0cf1ab5c10eb4cf0bad4618f213dd793ff7

            SHA256

            d4fee481ae945c46b3093d6d0b13c48453915d8ee8adc8b8acef0b551bced32b

            SHA512

            7539948701264c387a24768cb7d7c8e006f9cf7a64bce07c5f5eea84ec05e02d08d1c8e7c422185781cbea06139960259584116dec63ccc667ae91f76801a5c3

            Download Submit

          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133579847200385598.txt.420
            Filesize

            66KB

            MD5

            4a90573d4e1350bb3cb06a825fbd66de

            SHA1

            3f3ce3606d802cd06dda067fa2a07dfa745c90df

            SHA256

            5a74f880421a86087c44f74e3c105c9ec4fd4b1eae138984644c3d51d3e55242

            SHA512

            b09feba996e833c149a309cb45f56e79998cbdeb7fce71c15ef99a1615468aa62fd4c9b1cf3a4f802c27558a75db4c0885f84d65b1fdee979abde314d07c208c

            Download Submit