Overview

overview

10

Static

static

3

Seven.exe

windows10-2004-x64

1

Seven.exe

windows11-21h2-x64

1

Seven.exe

windows10-2004-x64

10

Seven.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Seven.zip

  • Size

    941KB

  • Sample

    240430-z8xwnsga2x

  • MD5

    f8405777958ed98a2f4919ed4067dff5

  • SHA1

    522aa17cdaf40306914b95d3d18ea5622f433ef7

  • SHA256

    cb7d44fc9b3a2d352290a0f4bb30c51e5f5e6f770c15262d1c9d19af244e1a23

  • SHA512

    31a48dfe4c885dbff2331f68ba7932efe6c946ae5a00e3862f0b35a54f70b35f5f8d692c3f0e70291fcbc154eecaf686936eb2defb80fcb913f80af7cc0f5f53

  • SSDEEP

    24576:a2JQ6RkqvPXV0Yd6iPk+FZtXt694KJ33WLhWX7N/KwV:a2JNkqlJd6i959OWNGce

Score
10/10
evasionransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      873KB

    • MD5

      9f24b59645bed8b7f15620853942c679

    • SHA1

      2f3b96dbf205be578733569732c1b1a354860dc3

    • SHA256

      f76e35fe8874004ee96007d3e3308e61f3467d4c8f075eb1ad1ebca64f257ade

    • SHA512

      4e9692973975aa1df9b25bffdbcedf0f3ab11aabddf146fa7a03fecaabc25f277cc498f0fb7a5afe6fca782c7c9cd0958e30ea29da8dce05194a8d056575c689

    • SSDEEP

      24576:xmhMiR+qjPnVaYdQ41k+9ZJpt6xQMJP1WdjWbWWqxK:xmhT+qJXdQ4rVrIkJ/8

    Score
    1/10
    behavioral1behavioral2

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      350273e0d2e8a9ba5e37b791016112a0

    • SHA1

      5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

    • SHA256

      27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

    • SHA512

      b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    10/10
    evasionransomwarespywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Renames multiple (293) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables cmd.exe use via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks