Overview

overview

10

Static

static

3

Seven.exe

windows10-2004-x64

1

Seven.exe

windows11-21h2-x64

1

Seven.exe

windows10-2004-x64

10

Seven.exe

windows11-21h2-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Seven.zip

  • Size

    1.1MB

  • Sample

    240430-y4fk6afb8y

  • MD5

    77fd35e897a2b8313e039e387490c305

  • SHA1

    a128523b8fb5ce206c4b936ead17d1d2820d52bb

  • SHA256

    436bfb2e24b04bda0e181a3cc5196cc3cc71d272d2e66b86d0441a6a6e814bbe

  • SHA512

    5f7a8c178ff75ed39d74d98a959f7e175e601ba51f095bd34591dc69a158f462974f282d4366a16c035cd6783b187b6b04f6f993d679e39fe210203af14f6f48

  • SSDEEP

    24576:sjNo2xeqDFdvA8dDHEg1DEnXRuIDOCMt/CjVW9O2584VWFDO:mZeqrldDHEg9EnBubp/CJHA88r

Score
10/10
evasiontrojan

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      1.0MB

    • MD5

      5c684b9229a0bb82b31c7e17cb0496c7

    • SHA1

      a141f6f33f9b766a91fb3bc0248be0e3e3373747

    • SHA256

      ba4a5dd2f126de491b60e4cb899319688c1b1308efddad0d550fcee87b24258a

    • SHA512

      7a477c23b9c345253f2f8581868a72e54ce980e665c841af6795428860103e0d8440a7a047538a2bff5b7ac43f1cf06b4c3b52074fd72d5b378bed75755a1955

    • SSDEEP

      24576:JfMixCqjFnv68dJV2gLDEFdRkIXOcYtLwbHWfr2c5wqwWn:ZzCqtvdJV2gXEF/ktJLwDI2qHw

    Score
    1/10
    behavioral1behavioral2

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      350273e0d2e8a9ba5e37b791016112a0

    • SHA1

      5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

    • SHA256

      27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

    • SHA512

      b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    10/10
    evasiontrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables cmd.exe use via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks