d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167 | Triage

Resubmissions

12-10-2021 19:51

211012-yks25sdbf9 10

01-10-2021 04:26

211001-e2kmjsahdl 10

Analysis

max time kernel
150s
max time network
128s
platform
windows10_x64
resource
win10-en-20210920
submitted
01-10-2021 04:26

Sharing

Report Analysis Logs

General

Target

stage2.bin.dll
Size

76KB
MD5

e8ae3940c30296d494e534e0379f15d6
SHA1

3bcb5e7bc9c317c3c067f36d7684a419da79506c
SHA256

d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167
SHA512

d07b8e684fc1c7a103b64b46d777091bb79103448e91f862c12f0080435feff1c9e907472b7fd4e236ff0b0a8e90dbbaaac202e2238f95578fed1ff6f5247386

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Possible SQUIRRELWAFFLE Server Response
suricata: ET MALWARE Possible SQUIRRELWAFFLE Server Response
suricata
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata
suricata: ET MALWARE SQUIRRELWAFFLE Server Response
suricata: ET MALWARE SQUIRRELWAFFLE Server Response
suricata

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2652	2548	regsvr32.exe	70
PID 2548 wrote to memory of 2652	2548	regsvr32.exe	70
PID 2548 wrote to memory of 2652	2548	regsvr32.exe	70

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\stage2.bin.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\stage2.bin.dll
  2⤵
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads