Analysis
max time kernel: 1796s
max time network: 1802s
platform: windows10_x64
resource: win10-en-20210920
submitted: 24-09-2021 20:14
Static task: static1
Behavioral task: behavioral1
  Sample: test1.test.dll
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: test1.test.dll
  Resource: win10-en-20210920
General
Target: test1.test.dll
Size: 211KB
MD5: 78e20bf482434bc2f64245ab86c0856f
SHA1: cf79862d895d744741a261432d6f7a087818d66d
SHA256: 85569f094eae1b6e66e0ab9d3dc0f653e3a411ef01b4fbed5ef6e462d3afeb77
SHA512: 1f20e16050bd76e330ad9b51dd5e942e1a6e1c97aa5508b367ae47acc900f9c5fa5f3fafc76aad1a0502add53dec5642321eeb098cc8b81d159568877fba15a2
Malware Config
Extracted: squirrelwaffle
URLs:
pop.vicamtaynam.com/VtyiHAft
snsvidyapeeth.in/aXmo2Dr3
trinitytesttubebaby.com/QR2JvfE3Sv
iconskw.com/cqdPtAbZ
ebookchuyennganh.com/v9PMvQDxHK8W
alsader.net/BHdQaiQ9rt
avyanshglobal.com/6pYjPlqf
primahills-online.com/ypCiZn7tMx
antoniocastroycia.com.co/WHe08obY
apexbiotech.net/VQgunQ4t5Ue
vscm.in/V3tYKxDz
sinaloworx.co.za/3GilA8Eo3r
dancongnghe.xyz/yRByhX6J3REI
trajesuniformes.com.br/qQofZMaJm
fiorenzapaes.com.br/PGYpETW7
astetinternational.com/arW5e44Y7vzO
razisystem.ir/MqvvkX0cWvn
krishnaiti.org.in/rWA02HQY4
Signatures
SquirrelWaffle
SquirrelWaffle is a simple downloader written in C++.

squirrelwaffle (1 IoC)
Squirrelwaffle Payload
resource                                                                       yara_rule
behavioral2/memory/2228-117-0x0000000010000000-0x0000000014030000-memory.dmp   squirrelwaffle
Blocklisted process makes network request (64 IoCs)
flow                                                    pid    Process
6, 8, 9, 10, 13, 14, 20, 21, 23 through 78 (64 flows)   2228   rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 2072 wrote to memory of 2228   2072   rundll32.exe   69
PID 2072 wrote to memory of 2228   2072   rundll32.exe   69
PID 2072 wrote to memory of 2228   2072   rundll32.exe   69
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\test1.test.dll,#1
  PID: 2072
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\test1.test.dll,#1
    PID: 2228
    Blocklisted process makes network request