squirrelwaffle | a6f5ef4aca1db5477e051899e3992e3298b4bacd2877aa9f71dc2168f322b22f

Analysis

max time kernel
118s
max time network
138s
platform
windows7_x64
resource
win7-en-20210920
submitted
26-10-2021 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sou.html.3.dll
Size

358KB
MD5

d59f026dcad1221e477378af85dc625a
SHA1

2885bff21d432290b96ec81de0589275bf3756b0
SHA256

a6f5ef4aca1db5477e051899e3992e3298b4bacd2877aa9f71dc2168f322b22f
SHA512

e96ecf1d0e98d01ddff701bcfb78891c1ee7d84f1f4a088d0940675d895a697200abe4b4d6f80b20055b0d654c605f86eba663dc9062c8ede9e884d893e20571

Score

10^/10

squirrelwaffle downloader

Malware Config

Extracted

Family

squirrelwaffle

http://alcorbogaindonesia.com/9poRAbODT

http://mediacionmelipilla.cl/4ugcVLVzG

http://escenachile.cl/qflR3r5quK

http://tuskmelon.com/1i4FIOfE

http://omni-safe.mx/VxkvGWrsNk

http://hitehousepropertydevelopers.com/P5qmwoxY

http://nvamirada.cl/SLilOXk1M

http://promjene.org/40crEYMiWiD

http://anastasiayyc.com/oR7uF1h3VkOv

http://jungla-lat.cl/gvwPyfsAIrt

Signatures

SquirrelWaffle is a simple downloader written in C++.
SquirrelWaffle.
downloader squirrelwaffle

Squirrelwaffle Payload 2 IoCs

resource	yara_rule
behavioral1/memory/524-58-0x0000000075290000-0x00000000752A0000-memory.dmp	squirrelwaffle
behavioral1/memory/524-59-0x0000000075290000-0x0000000075302000-memory.dmp	squirrelwaffle

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 524	1836	rundll32.exe	16
PID 1836 wrote to memory of 524	1836	rundll32.exe	16
PID 1836 wrote to memory of 524	1836	rundll32.exe	16
PID 1836 wrote to memory of 524	1836	rundll32.exe	16
PID 1836 wrote to memory of 524	1836	rundll32.exe	16
PID 1836 wrote to memory of 524	1836	rundll32.exe	16
PID 1836 wrote to memory of 524	1836	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sou.html.3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\sou.html.3.dll,#1
  2⤵
  PID:524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/524-55-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/524-56-0x0000000075290000-0x0000000075302000-memory.dmp

Filesize
456KB

Download
memory/524-57-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/524-58-0x0000000075290000-0x00000000752A0000-memory.dmp

Filesize
64KB

Download
memory/524-59-0x0000000075290000-0x0000000075302000-memory.dmp

Filesize
456KB

Download