cc2903b84b82bcd007239ea22f93d27a16c166ee6880155ae6a320fc65f9d4ac | Triage

Analysis

max time kernel
73s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/02/2023, 03:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Salwyrr Launcher.lnk
Size

2KB
MD5

3e32eb7c2ac78860b61368a5e847237f
SHA1

d75f379560ba5e5fc9f97b86894fba144f1855b5
SHA256

cc2903b84b82bcd007239ea22f93d27a16c166ee6880155ae6a320fc65f9d4ac
SHA512

a0a14f7ee9668e6ec053862547d37e66e7734a7345dcbbc709fc06eeec5dcd5973bc942d88d4e732fcda95022a00d75aac6ff51a535265b03714713d4d51b0d5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.lnk"
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads