56a19e0fb6b02d11d6ba2a8ba43a0d649f918b1bc880202e38ac6b172e63f89e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Spotify.exe

windows7-x64

Spotify.exe

windows10-2004-x64

Sharing

General

Target

Spotify.exe
Size

2.0MB
Sample

240614-1erm8s1amr
MD5

c619774435d8720df59cb75b8c80e73a
SHA1

25cbf4ae545d37edf9ba1960a325a6aadd2cf6df
SHA256

56a19e0fb6b02d11d6ba2a8ba43a0d649f918b1bc880202e38ac6b172e63f89e
SHA512

6f7e8fd68c0ebec1de9d94b4e4cff58c931ed9b2d77b2ce889bc48ddd4625ceac857504892013895e7a9d97e511e838add57e7f18d7872a3cc5e1addecb2a138
SSDEEP

49152:ckQBBdBbeJdDjnlxrWXyXFWsmZ4kq7bGp:cRBVC/jlxayosa4P3Gp

Score

10^/10

execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Spotify.exe

Resource

win7-20240221-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Spotify.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Spotify.exe
- Size
  
  2.0MB
- MD5
  
  c619774435d8720df59cb75b8c80e73a
- SHA1
  
  25cbf4ae545d37edf9ba1960a325a6aadd2cf6df
- SHA256
  
  56a19e0fb6b02d11d6ba2a8ba43a0d649f918b1bc880202e38ac6b172e63f89e
- SHA512
  
  6f7e8fd68c0ebec1de9d94b4e4cff58c931ed9b2d77b2ce889bc48ddd4625ceac857504892013895e7a9d97e511e838add57e7f18d7872a3cc5e1addecb2a138
- SSDEEP
  
  49152:ckQBBdBbeJdDjnlxrWXyXFWsmZ4kq7bGp:cRBVC/jlxayosa4P3Gp
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy