Rozaeva.7z

When extracted and executed, Rozaeva.7z attempted the following actions: Created a scheduled task or registry key.

all traffic to the C2 address listed in the IOCs section.

Attempted communication with [Command & Control IP address].

the Rozaeva.7z file immediately from all network shares. Run a full system scan on impacted machines.

What made it look suspicious (e.g., AV alert, unusual file size)? Do you have the SHA-256 hash of the file?

CVE-2025-0411 Detail - NVD

was this file found (e.g., phishing email, suspicious download)?

[e.g., Encrypted user files, exfiltrated files].

4. Mitigation & Recommendations

7-Zip software to prevent exploitation of known vulnerabilities like CVE-2025-0411.

5. Indicators of Compromise (IOCs)

SHA-256: [Insert Hash]
C2 Server: [IP Address/Domain]
File Drop Location: %TEMP%\