Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
130s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
07/08/2024, 17:27
General
-
Target
SpotifyPremium-main/SpotifyFullSetup_v1.1.22.633.exe
-
Size
73.8MB
-
MD5
0110c6a8ce97ff3f935fdc76204664e7
-
SHA1
f6b6a5bc668743efd6450fad58c7dafc79b35bab
-
SHA256
a15c0e6d15233022cc903d352d186f87f3f8f6964f790a6325951f2b6adb4de3
-
SHA512
e704ee022f24e8fbc06fa7a41cfef430626cf5e67f62f31b20cfed64abfcc444e4028ab1cb3110f470bd579257912358009689cf9876d620468b703d59a77c45
-
SSDEEP
1572864:Odi2YmBJDolobiCOCIIJbg0ahx6W5KscS+rf08vLq+H1n18q7Ixz:aamBJDWoblVNq5t9+rf0Wjoq7Ixz
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 26 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 11 IoCs
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SpotifyPremium-main\SpotifyFullSetup_v1.1.22.633.exe"C:\Users\Admin\AppData\Local\Temp\SpotifyPremium-main\SpotifyFullSetup_v1.1.22.633.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeSpotify.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exeC:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.1.22.633 --initial-client-data=0x248,0x250,0x254,0x24c,0x258,0x73fe57c0,0x73fe57d0,0x73fe57dc3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1164,16556520608951966048,5090724442225160894,131072 --disable-features=ExtendedMouseButtons --disable-d3d11 --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --lang=en --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --service-request-channel-token=359453517143927610 --mojo-platform-channel-handle=1180 --ignored=" --type=renderer " /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=utility --field-trial-handle=1164,16556520608951966048,5090724442225160894,131072 --disable-features=ExtendedMouseButtons --lang=en-US --service-sandbox-type=network --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --lang=en --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --service-request-channel-token=975998254963279524 --mojo-platform-channel-handle=1572 /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --field-trial-handle=1164,16556520608951966048,5090724442225160894,131072 --disable-features=ExtendedMouseButtons --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --disable-spell-checking --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=10764931025270086417 --renderer-client-id=3 --mojo-platform-channel-handle=1588 /prefetch:13⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1164,16556520608951966048,5090724442225160894,131072 --disable-features=ExtendedMouseButtons --disable-d3d11 --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --lang=en --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --service-request-channel-token=4836603904580492072 --mojo-platform-channel-handle=1180 --ignored=" --type=renderer " /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe"C:\Users\Admin\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --field-trial-handle=1164,16556520608951966048,5090724442225160894,131072 --disable-features=ExtendedMouseButtons --disable-gpu-sandbox --use-gl=disabled --disable-d3d11 --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.1.22.633 --lang=en --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Roaming\Spotify\debug.log" --service-request-channel-token=16944219228651229374 --mojo-platform-channel-handle=788 /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
96B
MD550a997c8d8220ed77edb7e4ad28ccb09
SHA194ce3319a5e881125a0af6e6c99fa046fea7a4bc
SHA256bd0081f0965446cdcedb9c31bed4c61cd501ad3c0aa755971465550d8c4657b0
SHA512d0efabfd314544e7c3b7623d3b41fa7a9e6697c6092d3334b2f8f11f12ecad61e8799e143f0b51ce8f30fac9c602ef5faf1aebe29384c8544b1edf257ed66f48
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
187B
MD553d78c860595d4a80df62723916e35fe
SHA196c1681e7f01646561cc34105635185105f16cdc
SHA256fadd70320bf4be1e31268c19fa82fe6e60b1fde0440fb37bda5d1cf50be56bd6
SHA5122b1c6e0460f0ac0de4ec51744f0a3ad64403286b9c0302cdf98cb85718205b389e0a7213418eaa84cc852a5018e71295952eeade136ffcce5e22cae9d123d5a8
-
Filesize
56B
MD5d63539e45ee87a165952569242c66bd9
SHA1c0565735c3d63189e168316d15ca5b4316e72ecd
SHA256a670bc5b7a0593a832fbcf046f3196bd6c83cadf77078fc238dfdb243e0b5551
SHA512bfcfdce57a52f0bd757c926203e85464f59416a903b314d7cb5eed9d13d5493628429bb512122c985972b9a99de2fea26f2a1865403f254ab21a54fd14cb74cf
-
Filesize
4.7MB
MD52f70ef261a7e44c02ec7e4f4759b3efa
SHA1ad0d00d354d0511370d2c7cf7afc2b7fd3e81b3b
SHA25668d2866f656dd9a7c8091622e83540e4482eebd8298c1c43c9ef2c03788a18f3
SHA51222bececf64820ba200fc9c05fdbec27fbe8c4cb744f265025927cd957651ca2bf2ed66825f9a70f3d516594857408ffe9307db406c5d0dcc029707a88f78eb2c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
1.4MB
MD5e9c62544ef47cb696daff3e8f762c398
SHA100fa0e7f3e74a6683454a8a03c11bc152d740b46
SHA256ffeaf414220f9d7421510f2208ac4d91b02dca434432e73380cd67abc733ba87
SHA5127428f0ae7ee749c0e10afe6d3e1446e0e2c5251fd56d2b91e8916ec28e27714df23922da74a45ef31a45f5a64d70353096ccfbf04913be750581292784ff0385
-
Filesize
4.6MB
MD59a74721402f09426d04f451e0a692ebe
SHA1bb8705852d7924935fbb8f72bbd826f50fa1005b
SHA25681bf967773e4099e57e9115693a26bda53564bfe472e593f3b318db14c19d3b0
SHA512b659c6ab162b98b8b0f9e74ae8042abc47911468cf2099259f8798fa97e9a809dab3448dd2032bbe2f1b72f9cd2a4f40229dc36ae207d003e5c68c71e8b204a2
-
Filesize
3.5MB
MD5542756b0413b47be009594c929035a7a
SHA18eb75a08f028d6b6147dee7ee032f5f86ac9c300
SHA256945fc325024fc5aa9c96175015537a7465eda75b5b0f91c682b375451f6b1b9b
SHA512831b3097a341dda2cee618b4d3a3a7f610dcd09fa2359c0301348215ca0f2e178b1de7df0922be348091593ffc13ae22bb70a71900548dbbf2039de99a4456d7
-
Filesize
2.8MB
MD57aad4f786b53424f3d811c2325082ad0
SHA1246b24ca59bfee226f9d9a42bb5ce2af17465b98
SHA25615d75aa83ef907e1e6e996527a5d7e335c1a09fd571c69ad0c2f074bc48660bb
SHA512eb1fa2eb2097eae23eb60fe26bef3f2c7a4b1954813a77b4171f3c3578d798804bd3625da7f4d66bc8ce55442213534a6c58a443b8739d346a812441c38911fb
-
Filesize
639KB
MD5a86b2b671a969b3837eae64c75080608
SHA11e9fc9cb7a1c2836d21fb29cba4f5054175f0c14
SHA2564bb3c7514dc8dbe897f20c3fdf484c967c5353cf1a7dd1e3db4dd501383d28f1
SHA51273bd840a9776765b16504d874475f73a553b051a7d73b4e1d32d294f5832d6e0cc07b38dfdb6bfc6a5f80501fdd7b9e42895259865b5bec77080fc7e7563041b
-
Filesize
787KB
MD5610f4e0d38ef5f24a75418aff182dff6
SHA1706a193fe0592dd9225071a3e3eb84b500fd97b9
SHA256449d98615888c9ab78df83e2c991b110978df0b4384f51582f632351987c310c
SHA512ea7bdea46567721d44eb39fc0b0660e73d0ddce4fcbc5a1b260f1bdfd5b3e20e73ae01992dc3bcfce55aa31f10fc6b378d729c89a4afc944f7a5d38838a70fec
-
Filesize
1.6MB
MD5cfed25dd16399990350b32e07bca0aa6
SHA17543e350dcb8447fcd5887923a753ac355962ae5
SHA2560e899fa8b414db69ed26622ce7582fdd576d4456afd0fdc5cd916009b9549267
SHA512f3d402013963ccbe4c34ccf3e462b3894252a94af77bb6696e82ba728beed4c403da58af5287b95f7ea860606de2981bf0b88e12d750219c420193c9a7cac17f
-
Filesize
811KB
MD5a84b1304657994cd50f2a0468ba793ec
SHA1b91ad0bf5ed5fbe832af0e8c65a3a3f34ce2f11a
SHA2568ecfea58db5d271b9acf7a4b0417901cad56067184312a49eaaef15944e2b8e1
SHA512ef2340386fdb80f6181dc786cb62f4b953342e4176e7e3e5d60ba5ea2df408fb1477af91682195ce9a4b077adba5e1a64a442c6bed5f828649137ef0fa7bb63c
-
Filesize
616B
MD576591b52668fd56554dffbbbfd035e1b
SHA1333db8aa5bef81f856f3276f0104d8e9b4373829
SHA256fabdd0cfd156c514bc408881b4fddd80dbfaea37f7aa39949ec77645e46f6e1f
SHA5124f6e4f939602e647e9ca548167d73a638aac608f23f5c79582bf6b58a835e9b1394896195571487efdfb0972a1ea200c119852d3bc317049ce17f94fcb5cc6a4
-
Filesize
6.1MB
MD57530fe0457463bab37f9ef0cf6d135da
SHA1cf29e45ea5f9071336214831ca17b60c2a503acd
SHA256f142df319321744166eec3ef585e744871ce37e782fe985e19a88b612d2e6d0c
SHA5128559e60b14b256114253ed23dc98c6dfadff01e90fe2a0e2f3502610e075877b4dbc6675d3298ec13fc79b818638c01b4c22976341d6c19b2988997ea387f913
-
Filesize
9.9MB
MD59e8b247aa7a609e6632518ecd6634fc0
SHA1cc43315bec76167be7dfbb7dd0b6d61974204d6c
SHA25618acc07d9ca59b1e599343b022a9e602a0a0c152866f7e5dce1fedd2dbcd33a0
SHA5127a9590f410c14886317d7cdae606b50b4a0355061e251aa3bcd3e0c614438298e839ff116553089116423e9bc98c131f35796478517d88a180a5a2d08ff7fa5f
-
Filesize
6.3MB
MD5b586991d8ba5dbe32e949256f36e5f21
SHA14dc4f289f972af7d820e9137cd831db74b0d0e99
SHA256d6c870dfb917cb3220e6cf14c2027cb2edcf131b898c8212b7c1b8d067df3bdf
SHA512da23b47cccbe082c26873f1c586672e43f683b354ba47e6dee034b659457fef207c3ec2fca14845b7adc1279e4039da6b2d8a74aebbf0c177b81df100c8b219d
-
Filesize
196KB
MD57514f1440f2e55e54e69425f2de507b7
SHA1f52b43c1ea49844dd8783d039fa0ab79796111a2
SHA2562d80b8e1546067ab70de3792c6ba2a345b5012bbdd552aa390e3bd705b598e7a
SHA512796ed9b7b68b970c0438c8ff9101811dfe002131e9673e481a9149310db1f764080888c6c071f9b681a68bdbe22165e83e8998a79a6500dd653fbfd37fd68d22
-
Filesize
13KB
MD506ac6409305a63ac70ae00c40cd5c9e1
SHA1cd1c6d37c26e11d15a3220259c6603e71ea58631
SHA256d7e5c5a730fff38e627e7cf1cee9b61e9847c6e9defbf52cde5fa4f8816e4068
SHA512184e54650e6d0f9be7cc1bfa304ab5400da21c200aa13767d2a39412016d15841e08b55cdd452a7bb30c5669e950110c5d198d0b925f3a74627f191e4e8536dc
-
Filesize
80KB
MD51582ffe1b8cb37438bc22edee6cd0a90
SHA101af249f33b2e5ffba18ba8f7cd76f2ee0e5f425
SHA25602586eeaf4ce40d1b34310d885e34fb63e8e9f155fcedbd796536735907cbe80
SHA5128c66ba4ef15fea573c29f0f6977e290b8fd72f4c8833f31a9b0ef4285f5493e9b27daf3a02c352ed12eadce36cda933d9d97576bfa4dcbbcc04294e73ad9ebfc
-
Filesize
333KB
MD5b3219f770d4eb78c8195a98e302cd4d0
SHA1db499f41037f80e4ebd8fd6db282935dc62e8f3b
SHA2566c07b2d18ec656eac2e88589cd0549c87548cdae43fc96df3c747a1940abb99b
SHA5121d72bd460e842a8039a7aaa0aefe8cf338d9e02462e2292b35fa6808bebd51b183bdebee18da79070cc847e1dc06189f4467051f3b99514538e44b1e8ec81018
-
Filesize
2.9MB
MD5627ba275f474e421378b5897797b9dfa
SHA118ed81eeb3c78275d00037ba377f2e025a176206
SHA2567ecd099623e5e9c124c0d687abee87eac5b526ad3743307d158d82a4bd761836
SHA512c69b772e428f8ac83181031eca5bac07a3eebebaf5978c92bb0b2f8d42a6dd79be114e1e5be493a1263cc3eba242ce797800a2937bbff598a0de096330bd6447
-
Filesize
600KB
MD58367768a9b8300a812fd5fa6e51b3f82
SHA18d0228e2f6d3fb46b122ba7f36283a4eaa19c84d
SHA256dffc7058c30924535496bfc08bc989ed66119a139224c31e1cff65a4b309ce61
SHA512388640d0a0fd17464ff56aa843ac724f8247b85985e4dfd1b586ed6f55a6056c805c84109ed981ff516c39025cedb224945df772ea17cbef6c9fed30f6fc0498
-
Filesize
21.1MB
MD5b8a53626def7b6141fc8de2ac4c606e1
SHA1f787fe656e71c0257dc2df1d59c6255f20dfbbfa
SHA256ccc062a87500c9300629158090660d84d2602f35465118e8177a217148cabbea
SHA51269bb7f1cb84d1c72bec57e260f7bcb877f04112dc1ce4a3e47cf492376c4cd273ecccd4c2dfa6d06ca1f785391725aba3b05bf2ac73fb4a6ed4a1a8719cba907
-
Filesize
310KB
MD5ff9e904710744aa13bb3ce093fe33c3f
SHA1a112a00e6bc434b077e5277737a5618ee787a3cb
SHA256ee680f8b73af463a713c42f434e0f4c91705810f2c6b102b836bf153277256f1
SHA5125cbfe3aeced7dce0d6938673d5a46c10bf4746649724a7488ef1a7e0b1a687e2965909cbc75c5ea8eb4a79307c7a4b4756c9a37b365ab0e5b84fd57554a10261
-
Filesize
21.4MB
-
Filesize
21.4MB
-
Filesize
21.4MB
-
Filesize
4KB
-
Filesize
21.4MB
-
Filesize
21.4MB
-
Filesize
21.4MB
-
Filesize
21.4MB