
Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/02/2024, 22:34

General

  • Target
    Salwyrr Launcher.exe
  • Size
    150.5MB
  • MD5
    358fcbfda7fdc5e8966be81cd82e3fc9
  • SHA1
    1ca3c9cd0e791c82f139c543449630653447c33a
  • SHA256
    bcc98408be7d77e03ca6fd8f1e7e01d30f3b55e3bb236735d514037f6b2da53f
  • SHA512
    bc26f6e9395386791a7438e2e2f25644029584e6c318775b20cf8f13d268397b6a0e2f6ad8b2ccf726dc8a1102c6b08cef9a00fbd83855b65b0626deba009956
  • SSDEEP
    1572864:ZGdFYlhnXsryUGmVlsdBbd51I8udcDs/VgC5daNcBgBTIWfbgrLvNc3xhRsOmpe:nlhnXr7er5c+rp

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"
    1⤵
      PID:3612
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4324
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:224
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.0.2126061276\1512879015" -parentBuildID 20221007134813 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1da5bb17-74bd-4f37-b249-49aeee1c2246} 224 "\\.\pipe\gecko-crash-server-pipe.224" 2012 24262ef3658 gpu
          3⤵
            PID:5076
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.1.1033428037\29787918" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1ef1f00-678a-498e-ad35-25e79be3fa00} 224 "\\.\pipe\gecko-crash-server-pipe.224" 2412 2424f06f558 socket
            3⤵
              PID:8
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.2.31511786\409294587" -childID 1 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a233b4b-926e-40ac-a29a-3c95d3b443b4} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3388 24262e5dd58 tab
              3⤵
                PID:2388
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.3.1424253064\2096556277" -childID 2 -isForBrowser -prefsHandle 3076 -prefMapHandle 2880 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3862648b-5826-4594-b88e-60c56674cd2b} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3752 2424f069058 tab
                3⤵
                  PID:4428
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.4.1929597781\1758917357" -childID 3 -isForBrowser -prefsHandle 4376 -prefMapHandle 4372 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d7cae65-6faf-444b-96ba-80038022c3c0} 224 "\\.\pipe\gecko-crash-server-pipe.224" 1768 24268122e58 tab
                  3⤵
                    PID:5004
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.7.1664320630\170271813" -childID 6 -isForBrowser -prefsHandle 5488 -prefMapHandle 5492 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {099864ae-4fc6-4c30-9e1f-9f5ec4a0bb9e} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5152 2426935cb58 tab
                    3⤵
                      PID:4716
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.6.1013106492\1743678340" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f56dcd1d-2d0c-45ed-9b27-9149aa89c5b9} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5352 2426935fb58 tab
                      3⤵
                        PID:4452
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.5.1607830633\69160200" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5112 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e68fefda-d99a-4275-a771-694f9c8f8a4a} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5132 2426935c558 tab
                        3⤵
                          PID:3588

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 942dea21bd0e86b53e2caac96ae91b26
    SHA1: dd2e2c80d03decf913e70a817abdb4adb8d484f7
    SHA256: b26b89fcd193e00b2ab208674b53e826e3ff5919191312cc05ae4b2badba2622
    SHA512: 5e31d298f695b09dcc1e00cb3e95a5f984eb73d01e24d1f6ddf6d9b3bbbcf85c808cae1098d9c96f23226ae7fb7325cd6ffc49f781e16b086ed9ff040ee34b17

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\pending_pings\9dab74f5-71aa-4920-bb91-e2f058ba3690
    Filesize: 11KB
    MD5: 7f53b28b2e9161098aff69bcee4dc148
    SHA1: 57ead923a15f43a869fa340c41f0a603446d91fc
    SHA256: 3207c9105ea9353d5de7297e7c525bfe63297c972602ae1f1a01b1b2e18a93db
    SHA512: 810af273b9a33c7306fdb6665d0181c3b5260817e2f9b690f63bf0ed7766db43270b7e4cdeddf56a56552287b8406698c21481deaf0a366d7d41a6ea8d150c20

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js
    Filesize: 6KB
    MD5: c44668b327c525b705c299c3ab961c85
    SHA1: bdff264795a6332a00e1b3418889ba994adc743c
    SHA256: 34a81b31951e0e484cc55d42d39499fd3e4cd70691357c7cc702dab543ba8285
    SHA512: 02361f10389c3e8b74c3330ff22f5ce58d8c3b6644ec74c5450e3125258db90cf21e27a7928657016f41bbf27001a32e595a6d490ed274abb35f2e57e34602d7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs.js
    Filesize: 6KB
    MD5: f66620017e89f56d649216a24b35c491
    SHA1: 12c1606421b1cd275e259d99bbcf588748bf4777
    SHA256: a83333dcd8d0f59c31a832f74a6fc6bad6fe959c61e2bfa5aa10f7545030e798
    SHA512: 6f21e6545f43a34a1d928e046846b063acb8595fb63ce2d2467b4872ce2abf37c8f3c1314b30cd519264dee47a611c955984903add8da239b2e645cab1ab9222