Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-en-20211014
submitted: 21-10-2021 18:23
Static task: static1
Behavioral task: behavioral1
  Sample: test1.test.dll
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: test1.test.dll
  Resource: win10-en-20210920
General
Target: test1.test.dll
Size: 532KB
MD5: 510b2569ff4ed686227d4fafd4c04dfc
SHA1: a311db42d9b019b7f1fa1337fb88772fad9175d2
SHA256: 653e066782817e5c09ca75786c3740b391dc7bbd8c76f38748c0d5e684b4292c
SHA512: 29d0fcece323c7c25e2126f2636d83d267d63f43095333f9346822d089a36b3bcf46bbd718483f2a51f2d183f3d2590b5d88a4d2148438b986af2a79b9b98061
Malware Config
Extracted: squirrelwaffle (13 C2 URLs extracted from the sample)
Signatures
SquirrelWaffle: SquirrelWaffle is a simple downloader written in C++.
Squirrelwaffle Payload (2 IoCs)
resource                                                                    | yara_rule
behavioral1/memory/848-58-0x00000000731A0000-0x00000000731B0000-memory.dmp  | squirrelwaffle
behavioral1/memory/848-59-0x00000000731A0000-0x0000000073B30000-memory.dmp  | squirrelwaffle
Suspicious use of WriteProcessMemory (7 IoCs)
description                     | pid | Process      | procid_target
PID 796 wrote to memory of 848  | 796 | rundll32.exe | 28
(the same event was recorded 7 times)