Overview

overview

10

Static

static

www2.bin.dll

windows11_x64

10

www2.bin.dll

windows10_x64

10

www2.bin.dll

windows10_x64

10

Resubmissions

24-09-2021 14:21

210924-rpcsdshca9 10

16-09-2021 14:45

210916-r477vagebj 8

Analysis

  • max time kernel
    1778s
  • max time network
    1781s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    24-09-2021 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    www2.bin.dll

  • Size

    334KB

  • MD5

    84a32095bcbc0ed694f09f1dd8f2a70f

  • SHA1

    23f7334db6979f04d5a2a9a846f82c526bfe6736

  • SHA256

    671f477c3039786c5f3553760377be03b91bfb66f31ba9370ed2193192cf5b4e

  • SHA512

    e3db14700e24210d1e2f1c19fcbb1b7074d73f5cdc4cbaf737b9a92a4f3b8d9b71efaa450aac9f7f4baef1ca8463f0668a3d72b888e0d39195e4c6115de5012a

Score
10/10
squirrelwaffledownloader

Malware Config

Extracted

Family

squirrelwaffle

C2

spiritofprespa.com/9783Tci2SGF6

amjsys.com/RIZszf8vR

hrms.prodigygroupindia.com/SKyufGZV

centralfloridaasphalt.com/GCN0FChS

jhehosting.com/rUuKheB7

shoeclearanceoutlet.co.uk/46awDTJjI4l

kmslogistik.com/aS1mjTkJIy

bartek-lenart.pl/1bWJ57V9vx

voip.voipcallhub.com/ZVmfdGHs4T

mercyfoundationcio.org/XF9aQrXnakeG

key4net.com/a8A2kcc1J

chaturanga.groopy.com/mxN3lxZoVApc

voipcallhub.com/ilGht5r26

ems.prodigygroupindia.com/v5RvVJTz

novamarketing.com.pk/k8l36uus

lenartsa.webd.pro/fz16DjmKmHtl

lead.jhinfotech.co/YERjiAMaupaz
Attributes
  • blocklist

    94.46.179.80

    206.189.205.251

    88.242.66.45

    85.75.110.214

    87.104.3.136

    207.244.91.171

    49.230.88.160

    91.149.252.75

    91.149.252.88

    92.211.109.152

    178.0.250.168

    88.69.16.230

    95.223.77.160

    99.234.62.23

    2.206.105.223

    84.222.8.201

    89.183.239.142

    5.146.132.101

    77.7.60.154

    45.41.106.122

    45.74.72.13

    74.58.152.123

    88.87.68.197

    211.107.25.121

    109.70.100.25

    185.67.82.114

    207.102.138.19

    204.101.161.14

    193.128.108.251

    111.7.100.17

Signatures

  • SquirrelWaffle is a simple downloader written in C++.

    SquirrelWaffle.

    downloadersquirrelwaffle
  • squirrelwaffle 2 IoCs

    Squirrelwaffle Payload

  • Blocklisted process makes network request 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\www2.bin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\www2.bin.dll,#1
      2⤵
      • Blocklisted process makes network request
      PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1964-115-0x0000000000000000-mapping.dmp

    Download

  • memory/1964-117-0x00000000734F0000-0x0000000073552000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1964-116-0x00000000734F0000-0x0000000073501000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1964-118-0x00000000011D0000-0x00000000011D1000-memory.dmp

    Filesize

    4KB

    Download