9e71d03181600209f01eb261db7ebf6fbdfee38ec1ac1974d7f61f75895473d3

Analysis

max time kernel
20s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
03/01/2023, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Spotify1-1-73-517.exe
Size

70.6MB
MD5

567a2857c6f4b381ce27107cb392c0e9
SHA1

ca57b08470d6281792ba78d722d48718d3439d79
SHA256

9e71d03181600209f01eb261db7ebf6fbdfee38ec1ac1974d7f61f75895473d3
SHA512

0850eda05cfdac6fe7d678bb6e22040cbe856ed6bd78c68a52846a40fc6c89a10ce95567df8d62f461193ff3929dca4a6b6c0b5bdc3cf1f661b8f420fc281336
SSDEEP

1572864:6Vt/59XSZMUZ7Q/3PjtWomEglhE5Hm2Fyh4vWVN9FNXLs:kpXSZzNQJ9glhE5rFyheWL

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3572	Spotify.exe
1212	Spotify.exe
348	Spotify.exe

Loads dropped DLL 5 IoCs

pid	Process
3572	Spotify.exe
3572	Spotify.exe
1212	Spotify.exe
1212	Spotify.exe
348	Spotify.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run\	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe --autostart --minimized"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1804	1236	WerFault.exe	24

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppPath = "C:\\Users\\Admin\\AppData\\Roaming\\Spotify"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	Spotify.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\AppName = "Spotify.exe"	Spotify.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}\Policy = "3"	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}	Spotify.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell\open	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\" --protocol-uri=\"%1\""	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\ddeexec	Spotify.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Spotify\\Spotify.exe\",0"	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell	Spotify.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\spotify\shell\open\ddeexec	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\DefaultIcon	Spotify.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\URL Protocol	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell\open\command	Spotify.exe
Key created	\REGISTRY\MACHINE\Software\Classes\spotify	Spotify.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\spotify\shell	Spotify.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3572	Spotify.exe
3572	Spotify.exe
3572	Spotify.exe
3572	Spotify.exe
3572	Spotify.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3572	Spotify.exe
3572	Spotify.exe
3572	Spotify.exe
3572	Spotify.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 3572	4616	Spotify1-1-73-517.exe	81
PID 4616 wrote to memory of 3572	4616	Spotify1-1-73-517.exe	81
PID 4616 wrote to memory of 3572	4616	Spotify1-1-73-517.exe	81
PID 3572 wrote to memory of 1212	3572	Spotify.exe	83
PID 3572 wrote to memory of 1212	3572	Spotify.exe	83
PID 3572 wrote to memory of 1212	3572	Spotify.exe	83
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 348	3572	Spotify.exe	87
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90
PID 3572 wrote to memory of 4400	3572	Spotify.exe	90

C:\Users\Admin\AppData\Local\Temp\Spotify1-1-73-517.exe
"C:\Users\Admin\AppData\Local\Temp\Spotify1-1-73-517.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
  Spotify.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3572
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.73.517 --initial-client-data=0x450,0x454,0x458,0x424,0x45c,0x74866a30,0x74866a40,0x74866a4c
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1212
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1800,1492001581029745388,10296163821141955151,131072 --disable-features=CalculateNativeWinOcclusion --disable-d3d11 --log-severity=disable --user-agent-product="Chrome/94.0.4606.71 Spotify/1.1.73.517" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=1788 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:348
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,1492001581029745388,10296163821141955151,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="Chrome/94.0.4606.71 Spotify/1.1.73.517" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3176 /prefetch:8
    3⤵
    PID:4400
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/94.0.4606.71 Spotify/1.1.73.517" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --field-trial-handle=1800,1492001581029745388,10296163821141955151,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
    "C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,1492001581029745388,10296163821141955151,131072 --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/94.0.4606.71 Spotify/1.1.73.517" --lang=es --user-data-dir="C:\Users\Admin\AppData\Local\Spotify\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --mojo-platform-channel-handle=3228 /prefetch:8
    3⤵
    PID:632

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 1236 -ip 1236
1⤵
PID:672

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1236 -s 2456
1⤵
- Program crash
PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe
"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"
1⤵
PID:3704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad\settings.dat

Filesize
56B

MD5
731fc0d7a592145e696c7ff6ad12ed7f

SHA1
b2ae0280055508b2a226897dd96fb48f4e46544f

SHA256
9ac8856629f546bd98d5d3a0b299d107f13add29942c9d52119da73d8fb9bca7

SHA512
3104b0173deec47a15c720ccefd257bf5a2ad167997fe09616d4466fdd74263828bb8182372bccd93807ba840522e6fbf996128f6b8a3cdf61571c44f4ad18ad

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Apps\login.spa

Filesize
1.4MB

MD5
731b2dc006aa29ed1887cedda09af62f

SHA1
8ad7c2f8b6060ba1ae9203a09d8f294df09ec93d

SHA256
5727e74611b3c42e049c4bcfc519bac268639ef68a6905d7468ba57340fd35d8

SHA512
e9a353c8a191ec95c091a93adb6c98bdd82f4224e1ce3ae290d6130ce328448cc8e0d27576cb4011595a764ba45bc25a815967382b1a9d274491033e0135c0f4

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\D3DCompiler_47.dll

Filesize
3.9MB

MD5
609d3bfdbf153a74d85375a745a0d4e2

SHA1
0bd0073186dfef93c722a65de309c7132c6c97ac

SHA256
9cb657c10545e4be44c833831aa86476e44136ea27b7ee512e49f536880e3785

SHA512
3ca40c66b1f9dd7ecb60772f36f8779b71079ab1aabd81b8d796c5721cc0c8bde7ad0ee2932af01ff510a934e158e07c61c02f9dab9e89c2e0d46fa5d7d36927

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe

Filesize
18.1MB

MD5
cc32b4a1ac874200b3792559b932ec26

SHA1
037e9cc69bb2d1f586ffb1b858f4af4cc40a40a1

SHA256
5e298de0ad17cff2fd08fb0620504d67dd48d1c03da46cd79ffef6eeef8c9363

SHA512
006e4b7652869c56101b0ae37b840d3ab2e84cdd2806cb2a6891e0fa34ff2d94c891bb6cc1e6cec8ecc1923a64be905588d7a0249e300b9b39eacd3ab02d4661

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_100_percent.pak

Filesize
614KB

MD5
7c2a51641cd02938d3cd8c58370c6d23

SHA1
72346f5f43efe86d7ddd1cd6117aee213977fe1d

SHA256
71e0080e8718d86b8356eca9f19a9ae7b898adf0a1b175f35a6813bf73b4f660

SHA512
c04c1c21d42093ea941cf0338d84abf6f5c8c17e9cb21930816858c29f35226a00e414c90b4633ce530153e77a2d138cc0aeb53ee7d896fe003b0a3f34bc90b9

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_200_percent.pak

Filesize
919KB

MD5
3a8f22265673effc9a31c2c906a0dc34

SHA1
90c489f3e1cc0347c21fb4e2b46f30f7057deb5d

SHA256
c5b31e8f2904883ad272f59a1beab3663ae2688eec847794c361649bdad319f6

SHA512
988a9cac09bd18749c620b589f3b2c955f48741d87944ebe6bc862de9b17353e360dc48010a15edfbc0f1fa56365739323702b69dd57b208f05353f3ba03cd98

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\chrome_elf.dll

Filesize
949KB

MD5
a366d1da7c624cbcd0574c6da50822db

SHA1
cbeb830ab7dbaa0382ef8b274a4d53b8523e1efb

SHA256
abbbed57cd021cb57909330a675ce703e894b20e837574c607565e7bf7d4312d

SHA512
c7950a9bd0bcc3df3190d2eb1b6c9df7940afaac533ff4ac44692d7b305d36d8120a0aabc25eb72ad5592361a3d7825b09f800cbefcb795295b753a518cf2089

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\crash_reporter.cfg

Filesize
655B

MD5
0de8df4a5ab170c6f80ba63d80390376

SHA1
9579fea263d2ebdb4a417582d87c2959de5b94b8

SHA256
8e2b9e0007c2a91d249b1d1e4237b8ec2c1dfdfd556bd60eb9157785d6a6e8c9

SHA512
a03bc8b002603e44dd775f914ea08ed08f3e1bd7f54362d96eebe4568ac8d9ed0437c9dfad24353d794f030ef5cb3e3528133ff58df31000272b832e4e600b4e

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\d3dcompiler_47.dll

Filesize
3.9MB

MD5
609d3bfdbf153a74d85375a745a0d4e2

SHA1
0bd0073186dfef93c722a65de309c7132c6c97ac

SHA256
9cb657c10545e4be44c833831aa86476e44136ea27b7ee512e49f536880e3785

SHA512
3ca40c66b1f9dd7ecb60772f36f8779b71079ab1aabd81b8d796c5721cc0c8bde7ad0ee2932af01ff510a934e158e07c61c02f9dab9e89c2e0d46fa5d7d36927

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libEGL.dll

Filesize
334KB

MD5
70fce613fb748691cada80536c95bb1d

SHA1
5460379674248b1943adb0da0c2920bf0f0cc60d

SHA256
ccadd45f3e89237464b3d466cd3ab212e8ac9841f1cfa330efbbb70a6fb15c95

SHA512
d339289362b09d6a1fd8e512b451f418e9231a789d3d4eb7553aec5ec089f2aeaa23a440b11671f44ed24372c5451c1772e47163940a7b243c756a5b2f92b1ea

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libGLESv2.dll

Filesize
5.5MB

MD5
f2144935607946f62cefa63d6afee428

SHA1
65e21e7c313b1b36ae767ba045251184a7a73473

SHA256
4b03238dfe12bd0d738e336378627ea3f4457a97641b0fde31c4f66c2ba8f77b

SHA512
85c584188183c0407405e1bdb6fd2f85679db59828ad9ee5f0ce980d51bb354bb688ffd1f7aaa4cd6b6bf25e6c477d32282cea862e8205ab21c4e7c11f98fb52

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
92.6MB

MD5
a7277469161b8db11bc8c7298f682561

SHA1
ffd40076eea6ff02636495d9a46000ba9a018636

SHA256
e7a252a7680219c4cc8505df46c070b6b96b0e792ef87a02d52285a3b54a077e

SHA512
5f7d2a832d0e5608c5e4b4a68f06a3ac0ff6c3acc6a8506958fb394ed777dd704209f219c01209d4959e3c184b4fdef5a52823d3981cf7f03cc9cf71549be7b0

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
72.8MB

MD5
ea90629c811c39c9367cc1d21ce54640

SHA1
ec7ea8bc0a6e2d0f50ed5828dc4b6238bdf60401

SHA256
3213e9456750666a7fb7a230275271b51ee74687f4177f7cc67d5889753599bc

SHA512
01d938c14a649f365af92f24732acb5d9e283aa5f404856366126ef4eeed1a8ddf11ed9d1d66da8235b4371ff21e4fd9a3ff673f48af6e470f7ccb3622344bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
72.1MB

MD5
de4b27f86b64e4c91f426e6b38798468

SHA1
20d82033497f533324f5102095853177131688c0

SHA256
9a559769567c6e3ad57b2b92f73815af1bb23f39247b25eda682f8cafac62b19

SHA512
9a410825790c3c2d83ddf0d619189aa420d23884ec43539821d2a12c3784efcab37720351f3f9d41a30bb3e02fbace0d499c592ee8a43adb0393f515aa98b71c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
50.3MB

MD5
a29de79e0c0834925629d2d98edb4f0f

SHA1
79f73d77c0614a4dd77c7f9ec5620071c1084972

SHA256
9d0495d59842a22fc425f0f74ed8184365cc890f2de9f1daa183325535fcbea4

SHA512
01ce4bfe808e963226b96c18cf38abb4e78814e542d6cce9ec54aeb28955651e6b1a648a05af811351e705966c5ce14097859517816cfa8725e0b391868799fe

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
65.2MB

MD5
833edd901483dd4fff6ae5a514868755

SHA1
34868459d36ee11448034a8065d6261296e37dd2

SHA256
4164083c90907f4105e4c8a05f72648624650c6fdccd3e660ac1decbc5e083ff

SHA512
f1b85f270b0ed415d80285f29e41959fec60ebfe1c2a3113f5a7bbc7b4e382d6052396f31b1d6d767e83a2d0d56fa958da566d8dae1e5de982c37747fcec1ae0

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
65.1MB

MD5
4e10a1124716c609f76eeb04d1d31f42

SHA1
e0575f6b3e0a3c9bdf6782fecd2a7786084b4972

SHA256
473a5a28243ebceb4770e3e6890e291a25806ebf0f4959a08dc1cd0e64592932

SHA512
8a0e75c67c6e09fa8e5071ded4a8ed1630081b19e1624e1fa37fd5811739e7654a08274b9aa30fdc859b5cf307be48970b4228fd1fc8612349075ef72110c239

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
64.9MB

MD5
ca3b6b6a0a3e86c16bee0e327e5354a6

SHA1
5e60840562654549f07381184ab320e3a0c454e2

SHA256
ea540d81d967a8530596d4bcc08dfc57e1d4e711a63df13f0413336528e8bef4

SHA512
33413149d8e1fb471d027f5269b7425f90a118409974f69a6e162973a6a7730a40306ac1ca0993e82edcdb4e164316cf413787ca06781ac92f7a9e6869b63168

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libcef.dll

Filesize
54.3MB

MD5
f9b813b1703673b74950012b1c1e206b

SHA1
3d218ac6ae4b432d065f91c3cd9220739155b5cf

SHA256
565216ffc300bf627f46d77733df73cef15fdcfe8c1201d0c630741e7fd104b4

SHA512
d454861448454238cfe9cf5909241746acee43a56d214799df04abee6c0735757f8e5e24e02a93abf0d121cfa593d9c758eb23ff204afded40745bb413f3be82

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libegl.dll

Filesize
334KB

MD5
70fce613fb748691cada80536c95bb1d

SHA1
5460379674248b1943adb0da0c2920bf0f0cc60d

SHA256
ccadd45f3e89237464b3d466cd3ab212e8ac9841f1cfa330efbbb70a6fb15c95

SHA512
d339289362b09d6a1fd8e512b451f418e9231a789d3d4eb7553aec5ec089f2aeaa23a440b11671f44ed24372c5451c1772e47163940a7b243c756a5b2f92b1ea

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\libglesv2.dll

Filesize
5.5MB

MD5
f2144935607946f62cefa63d6afee428

SHA1
65e21e7c313b1b36ae767ba045251184a7a73473

SHA256
4b03238dfe12bd0d738e336378627ea3f4457a97641b0fde31c4f66c2ba8f77b

SHA512
85c584188183c0407405e1bdb6fd2f85679db59828ad9ee5f0ce980d51bb354bb688ffd1f7aaa4cd6b6bf25e6c477d32282cea862e8205ab21c4e7c11f98fb52

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\en-US.pak

Filesize
283KB

MD5
f88e6aba546bb5120325126549b97168

SHA1
dd415b6cbacaeb79f6d5f6463e4e9a74cf5a6d6c

SHA256
a171d2118fd8607f572fa39d950b81cf83e2146a73385a9fadb1500aa14daa58

SHA512
dbde9991abe4eb617f81ab859424c9a06955232392b660798450e2a6222704e0338f2139d845c222bfdffb280e155bfd1fd16ce63f747887636fe5700a846368

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\locales\es.mo

Filesize
14KB

MD5
a07ce6861bfeb7977f261c53c41c8704

SHA1
29d9d8e566b813bad3ac99471ad576b63ab4c237

SHA256
2de7f636b16c09c8e483e36bfcd2de3bb33402f58c544ffb01fdeb5e741943c3

SHA512
cb89ef338f7a65ae384c92d8062f4c8d5570c404560cb119dd306d04f310aceaa94b0c1a9de6aa1b4da0593c7d0b7bed04b76aab2f2bc9c57773bbdd67f53e9c

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\prefs

Filesize
176B

MD5
b816c955db2b9db68358187c0c728719

SHA1
9f49eb3e0aa21759c6be925931ce785b98a1b687

SHA256
9914a0c7ed27b4aa3a0717dc6423cff3ed712c8272104087ab9952094fca139d

SHA512
66021701c32873b80ec46303064b1fb8afdaced3743e2d074ec4efededb92feb883137652eccf41ed8efd8607b0c1f3df83c2b2fd422d05d86772ecdebfa7553

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\resources.pak

Filesize
7.3MB

MD5
b528671cd4f9a9764b928969a1b2a164

SHA1
749e4d0faae9524b8226d156748c9b0f0082192e

SHA256
3b4cf4697df9b0cdea15f31faa57701e61847016c74642abcda634243874bb08

SHA512
5706b4d9895856a3b06f9a50c146855bbb551cb7ee39ada98da5d7ee2b56dc440795ac8c163e268c8f03072411a9008d1b69b0a4fb4ec14ad6396887c5a01822

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\v8_context_snapshot.bin

Filesize
160KB

MD5
4fba5ce8bf10e7e11a34aba5986e329e

SHA1
278895f187db7f798d6a44639b3c14a1c0f4683a

SHA256
7f372b919a89f10f7b08adba9d9ad716910bc83d7a03f07eec392a0cd324a3aa

SHA512
f2935074fa23e8aac2a89f147b0157fa952b7cbc29f73c67cedfc60aad250e12bb7e401eb6dada28fcd3aa7d4e8c09fa9c31c4effb05225c06e5fa6866e40be1

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
3.2MB

MD5
ecf9b4bcd44f7a1b3ce4d0c060714711

SHA1
c19b093c54236fc1bf23b2ba4a1670e845c3861f

SHA256
a39e730aafb391eaef4a71b4d687d50ea1819de581222ee4a2543dbf1885b0ad

SHA512
1f1c7a1b67c424d97f38703b3fdba498f7e140522ec520afa0bb0c14f500873d9bb6715a932400b2f3f194e709dd4dba844593a075f5081def004b4a0b3553f2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader.dll

Filesize
3.2MB

MD5
ecf9b4bcd44f7a1b3ce4d0c060714711

SHA1
c19b093c54236fc1bf23b2ba4a1670e845c3861f

SHA256
a39e730aafb391eaef4a71b4d687d50ea1819de581222ee4a2543dbf1885b0ad

SHA512
1f1c7a1b67c424d97f38703b3fdba498f7e140522ec520afa0bb0c14f500873d9bb6715a932400b2f3f194e709dd4dba844593a075f5081def004b4a0b3553f2

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll

Filesize
599KB

MD5
355f9553102344f02afc2ed9f9c12155

SHA1
19a8d4de052c728fd7dfe3a9ffed2416d0763586

SHA256
2ef78bdba1ef0be4155217e7438d9f81b9005738ca17f20e189bec43676336a0

SHA512
10d99a187c3e0a1954d45940524239a1cc687a6e4b14c683feebe00ab9d1fe38945cf17ca181300658d31a0091aa145d6cf16b33f14599e22fdff61a4687d886

Download Submit
C:\Users\Admin\AppData\Roaming\Spotify\vulkan-1.dll

Filesize
599KB

MD5
355f9553102344f02afc2ed9f9c12155

SHA1
19a8d4de052c728fd7dfe3a9ffed2416d0763586

SHA256
2ef78bdba1ef0be4155217e7438d9f81b9005738ca17f20e189bec43676336a0

SHA512
10d99a187c3e0a1954d45940524239a1cc687a6e4b14c683feebe00ab9d1fe38945cf17ca181300658d31a0091aa145d6cf16b33f14599e22fdff61a4687d886

Download Submit
memory/348-164-0x0000000000400000-0x0000000001630000-memory.dmp

Filesize
18.2MB

Download
memory/632-175-0x0000000000400000-0x0000000001630000-memory.dmp

Filesize
18.2MB

Download
memory/1212-157-0x0000000000400000-0x0000000001630000-memory.dmp

Filesize
18.2MB

Download
memory/2208-199-0x0000000000400000-0x0000000001630000-memory.dmp

Filesize
18.2MB

Download
memory/3572-135-0x0000000000400000-0x0000000001630000-memory.dmp

Filesize
18.2MB

Download
memory/3704-197-0x0000000000400000-0x0000000001630000-memory.dmp

Filesize
18.2MB

Download
memory/4400-198-0x0000000000400000-0x0000000001630000-memory.dmp

Filesize
18.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads