General

  • Target

    Spotify.exe

  • Size

    2.0MB

  • Sample

    240614-1erm8s1amr

  • MD5

    c619774435d8720df59cb75b8c80e73a

  • SHA1

    25cbf4ae545d37edf9ba1960a325a6aadd2cf6df

  • SHA256

    56a19e0fb6b02d11d6ba2a8ba43a0d649f918b1bc880202e38ac6b172e63f89e

  • SHA512

    6f7e8fd68c0ebec1de9d94b4e4cff58c931ed9b2d77b2ce889bc48ddd4625ceac857504892013895e7a9d97e511e838add57e7f18d7872a3cc5e1addecb2a138

  • SSDEEP

    49152:ckQBBdBbeJdDjnlxrWXyXFWsmZ4kq7bGp:cRBVC/jlxayosa4P3Gp

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE
