Analysis
max time kernel: 146s
max time network: 130s
platform: windows7_x64
resource: win7-en-20210920
submitted: 24-09-2021 20:38
Static task: static1
Behavioral task: behavioral1 (Sample: test1.test.dll, Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: test1.test.dll, Resource: win10-en-20210920)
General
Target: test1.test.dll
Size: 309KB
MD5: 3d77d7a2e2697d35b281123afe4b030c
SHA1: 4087259179a6761e376dcfbf2e981e1c0cacc287
SHA256: 07c7cb49350bf3c6de4193fb2eeb8dd92d6662d60393ebd483a54bac80fb0b44
SHA512: 8c1645fa7bf81be88533e9aff8a308311f637e3d0b64244a4fa1679de53f706b9222d4bc9caa82f1340dea641d33feb3dfa3b67b2cd324a65bf570b18bf3a17c
Malware Config
Extracted: squirrelwaffle
hutraders.com/0eeUtmJf8O
goodartishard.com/0JXDM9kMwx
now.byteinsure.com/tnjUrmlhN
asceaub.com/Xl8UCLSU
colchonesmanzur.com/GjVgBnKaNIC
sistemasati.com/0SzGNkx6P
maldivehost.net/zLIisQRWZI9
lrdgon.org/l7r96tjAJ
binnawaz.com.pk/jhSZGWS76C
fhstorse.com/vJlgdjJnpIop
Signatures
SquirrelWaffle
SquirrelWaffle is a simple downloader written in C++.

squirrelwaffle (2 IoCs)
Squirrelwaffle Payload
resource | yara_rule
behavioral1/memory/2012-55-0x0000000074840000-0x0000000074850000-memory.dmp | squirrelwaffle
behavioral1/memory/2012-56-0x0000000074840000-0x000000007491F000-memory.dmp | squirrelwaffle
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2004 wrote to memory of 2012 | 2004 | rundll32.exe | 27
PID 2004 wrote to memory of 2012 | 2004 | rundll32.exe | 27
PID 2004 wrote to memory of 2012 | 2004 | rundll32.exe | 27
PID 2004 wrote to memory of 2012 | 2004 | rundll32.exe | 27
PID 2004 wrote to memory of 2012 | 2004 | rundll32.exe | 27
PID 2004 wrote to memory of 2012 | 2004 | rundll32.exe | 27
PID 2004 wrote to memory of 2012 | 2004 | rundll32.exe | 27