Overview

overview

9

Static

static

3

SevenRecode.exe

windows10-2004-x64

1

SevenRecode.exe

windows11-21h2-x64

1

SevenRecode.exe

windows10-2004-x64

9

SevenRecode.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SevenRecode.zip

  • Size

    102KB

  • Sample

    240501-evnqmahf92

  • MD5

    72136f35f0254cc8d93a390498c09a3f

  • SHA1

    72ba287d6bee70d2289630f6b24f440acd7b3aea

  • SHA256

    6df99010279800c1cce0ecc0a59281f399b4c774ad61dc486a9ee9944bef3901

  • SHA512

    4baa067ff4565c05e507bb3186724e29f8f700f1bc3f47ff33ad5b814ac5966397d7fb2cfc539cbc937fffa1dbb126f3663eb5d87c2cdb67f41d618acf7ca753

  • SSDEEP

    1536:7jbsw0dCDbdp8K/kjhDYiZY3JVhiXFGGDsSuV2m+AoI42C4WHTO9cPezLRzY8:3bsgdp8iGXe3JmVGGDsHcbILBpCwl7

Score
9/10
ransomwarespywarestealer

Malware Config

Targets

    • Target

      SevenRecode.dll

    • Size

      34KB

    • MD5

      b844c9e096c8dbd6069e95afad64535d

    • SHA1

      1b1c50083a68474337ce856e529a86c5de72789a

    • SHA256

      9e3a620c78a5fc9f2e0e4b32e9780afc39fea429a692904dbb2d63b223080cf3

    • SHA512

      afef66c46f94ca9c6fc8db6c3db4de991345797b5ef4b9ea139daef4bf1ed8558cb0cf8661aa95e238fe280ffaf503023b1cbeefafb0e4c9a28f5c56bbd6d382

    • SSDEEP

      768:qxHComOIJf8qvbPgU+kHk7k4b5CI61ujwHG4x:QxCVLg57kcb61Vm4

    Score
    1/10
    behavioral1behavioral2

    • Target

      SevenRecode.exe

    • Size

      139KB

    • MD5

      a2488db381a90da326053a2050cee0b3

    • SHA1

      ccd2a0b649126f6fcd9c8118ee35c9444bc5acd3

    • SHA256

      ab179853ce915ac8d41a77c553a56bd9c660f632326ab97929fd57b081138ef4

    • SHA512

      3f9ae5f78f632e9b07f98ea88a806f7252340882f07081bfe2f1cdadde39a13324bee455a78971ade7e893d03ed27a1a7d123dd59b504eaf0adc8340457fad42

    • SSDEEP

      3072:eiS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJt8ltf:eiS4ompB9S3BZi0a1G78IVhcXct

    Score
    9/10
    ransomwarespywarestealer

    • Renames multiple (3774) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks