Analysis

  • max time kernel
    79s
  • max time network
    26s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    23-09-2021 18:57

General

  • Target

    test.dll

  • Size

    222KB

  • MD5

    539e0a32348f112da72bb7868fd5cfac

  • SHA1

    bcdfd82522a0a45af4e4064c7f509b29b8ea83ed

  • SHA256

    4545b601c6d8a636dce6597da6443dce45d11b48fcf668336bcdf12ffdc3e97e

  • SHA512

    d3b46706f1724bf9e4daf53461ebdcef607354b2d30608e9fe2cf33aa282eac7143071ac1e8712679f15bf72abf7454562f4179a90f5a6d61af5658cb3fe762d

Malware Config

Extracted

Family

squirrelwaffle

C2

Signatures

  • SquirrelWaffle

    SquirrelWaffle is a simple downloader written in C++.

  • squirrelwaffle 1 IoCs

    Squirrelwaffle Payload

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\test.dll,#1
      2⤵
        PID:2024

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2024-54-0x00000000759B1000-0x00000000759B3000-memory.dmp

    Filesize

    8KB

  • memory/2024-55-0x0000000001FC0000-0x0000000005FDA000-memory.dmp

    Filesize

    64.1MB

  • memory/2024-56-0x0000000010000000-0x0000000014030000-memory.dmp

    Filesize

    64.2MB