Resubmissions
17/08/2024, 10:31    240817-mkna4stfrk    3
17/08/2024, 10:30    240817-mjt29s1bpe    3
17/08/2024, 10:29    240817-mjbkxs1bna    3

Analysis
max time kernel: 51s
max time network: 54s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 17/08/2024, 10:31
Static task: static1

Behavioral task: behavioral1
Sample: SpotifySetup (1).exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: SpotifySetup (1).exe
Resource: win10v2004-20240802-en
General
Target: SpotifySetup (1).exe
Size: 32.1MB
MD5: 9bf2225af48fae7931de7b64d09d9ec6
SHA1: 4b38d424e901b8b28b51fdb469fb71efd375808f
SHA256: 6dc714fb1a0463d78ee93c6a3c039e4785a3bcfb1c786f4a6247270cf25e7200
SHA512: 586764f60a40f1e06b85e0c12c2dadc347d4d401d049a6aaba4bb27b7a0ac3602578ea4bbe57ec63b26e4a7c9f8c33155af0b9b76ea23f9d9677fb9b7298a9ac
SSDEEP: 786432:4Oygy37xV9YJ9odAQNOsISlcmrcLdRWZR7fgemtg+m+q:jy1tV9YJ9odnQsvlcmuWZpfgemtTq
Malware Config
Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc                                                           Process
Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   DllHost.exe

Modifies Internet Explorer settings 1 IoCs
description    ioc                                                                                                              Process
Key created    \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TypedURLs   taskmgr.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs
pid 2704    taskmgr.exe    (25 hits)

Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid 2704    taskmgr.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
Token: SeDebugPrivilege    pid 2704    taskmgr.exe

Suspicious use of FindShellTrayWindow 53 IoCs
pid 2704    taskmgr.exe    (53 hits)

Suspicious use of SendNotifyMessage 51 IoCs
pid 2704    taskmgr.exe    (51 hits)
Processes

C:\Users\Admin\AppData\Local\Temp\SpotifySetup (1).exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SpotifySetup (1).exe"
  PID: 2420

C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 2704

C:\Windows\SysWOW64\DllHost.exe
  Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
  - System Location Discovery: System Language Discovery
  PID: 2668
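The Signatures and Processes sections above render one "pid Process" pair per API call, which hides the triage-relevant fact: every behavioural hit is attributed to taskmgr.exe (PID 2704) and DllHost.exe (PID 2668), and none to the submitted sample's own process (PID 2420). Task Manager enumerating processes, enabling SeDebugPrivilege and polling the foreground window is what an interactively opened Task Manager does regardless of the sample. The Python below is an added example, not part of the tria.ge report or its tooling: it collapses the flattened IoC runs into per-process hit counts and lists the tree PIDs that no signature was attributed to. The IoC strings and process tree are constructed inline from the values on this page (the description column of the AdjustPrivilegeToken row is dropped), and the regex assumes that a process name never contains a token that looks like a standalone PID.

```python
import re
from collections import Counter

# Flattened "pid Process" runs as rendered in the report above. Constructed
# inline from the counts on this page so the script runs offline.
REPORT_IOC_RUNS = {
    "Suspicious behavior: EnumeratesProcesses": "2704 taskmgr.exe " * 25,
    "Suspicious behavior: GetForegroundWindowSpam": "2704 taskmgr.exe",
    "Suspicious use of AdjustPrivilegeToken": "2704 taskmgr.exe",
    "Suspicious use of FindShellTrayWindow": "2704 taskmgr.exe " * 53,
    "Suspicious use of SendNotifyMessage": "2704 taskmgr.exe " * 51,
    "Modifies Internet Explorer settings": "2704 taskmgr.exe",
    "System Location Discovery: System Language Discovery": "2668 DllHost.exe",
}

# Process tree from the report: pid -> image path.
PROCESS_TREE = {
    2420: r"C:\Users\Admin\AppData\Local\Temp\SpotifySetup (1).exe",
    2704: r"C:\Windows\system32\taskmgr.exe",
    2668: r"C:\Windows\SysWOW64\DllHost.exe",
}

# A pid, a space, then a name that runs until the next " <pid> " or the end.
# Process names may themselves contain spaces (e.g. "SpotifySetup (1).exe"),
# so the name group is lazy and stops only where a numeric pid follows.
# Assumption: no process name contains " 123 "-style tokens of its own.
_RUN_RE = re.compile(r"(\d+) (.+?)(?= \d+ |$)")


def parse_ioc_run(run: str) -> Counter:
    """Collapse '2704 taskmgr.exe 2704 taskmgr.exe ...' into {(pid, name): hits}."""
    return Counter((int(pid), name) for pid, name in _RUN_RE.findall(run.strip()))


def summarize_by_process(ioc_runs: dict) -> dict:
    """pid -> {"process": name, "signatures": Counter(signature -> hits)}."""
    summary = {}
    for signature, run in ioc_runs.items():
        for (pid, name), hits in parse_ioc_run(run).items():
            entry = summary.setdefault(pid, {"process": name, "signatures": Counter()})
            entry["signatures"][signature] += hits
    return summary


def unflagged_processes(summary: dict, tree: dict) -> list:
    """PIDs present in the process tree that no signature was attributed to."""
    return sorted(pid for pid in tree if pid not in summary)


def render(summary: dict, tree: dict) -> list:
    """Human-readable triage lines, one per process in the tree."""
    lines = []
    for pid, image in tree.items():
        entry = summary.get(pid)
        if entry is None:
            lines.append(f"{pid} {image}: no signatures attributed")
            continue
        sigs = ", ".join(f"{s} x{n}" for s, n in entry["signatures"].most_common())
        lines.append(f"{pid} {image}: {sigs}")
    return lines


if __name__ == "__main__":
    s = summarize_by_process(REPORT_IOC_RUNS)
    print("\n".join(render(s, PROCESS_TREE)))
    print("tree PIDs with no signature hits:", unflagged_processes(s, PROCESS_TREE))
```

Run on this report, the summary attributes all 132 behavioural hits to PID 2704 and the single registry read to PID 2668, and reports PID 2420 (the installer itself) as having no signature hits, which is the first thing to check before treating a score of 3 on a 32 MB installer as suspicious.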