Resubmissions
01-11-2021 12:31
211101-pp5r3ahha4 1031-10-2021 09:03
211031-k1bwxacfaq 1014-10-2021 01:44
211014-b6aflafeg4 10Analysis
-
max time kernel
335s -
max time network
3728s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
31-10-2021 09:03
General
-
Target
64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb.dll
-
Size
439KB
-
MD5
22aef4558853a72dd07ff9513a6b9dbf
-
SHA1
52a914b43dfa44910ab649be77a57db631d038ee
-
SHA256
64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb
-
SHA512
550f72f4d6186869893b2dc6536b3ce9bcb7843b0db726a1d9fb118291b1e96d642dfb57369b85ff58c41b38d6c40f6853d1da752f589aa419cb1f4d35381be4
Malware Config
Extracted
squirrelwaffle
http://deanandwilconstruction.com/UXEvfuIlhws
http://arimeto.lv/Nm70oAfwB
http://gitamschool.com/oZbs0Oqw7uv
http://eresourcesmoneymarket.com/JbVwdgaV6l
http://flyershipmanager.com/SGAsORYsywt
-
blocklist
94.46.179.80
206.189.205.251
88.242.66.45
85.75.110.214
87.104.3.136
207.244.91.171
49.230.88.160
91.149.252.75
91.149.252.88
92.211.109.152
178.0.250.168
88.69.16.230
95.223.77.160
99.234.62.23
2.206.105.223
84.222.8.201
89.183.239.142
5.146.132.101
77.7.60.154
45.41.106.122
45.74.72.13
74.58.152.123
88.87.68.197
109.70.100.25
185.67.82.114
207.102.138.19
204.101.161.14
193.128.108.251
111.7.100.17
111.7.100.16
74.125.210.62
74.125.210.36
104.244.74.57
185.220.101.145
185.220.101.144
185.220.101.18
185.220.100.246
185.220.101.228
185.220.100.243
185.220.101.229
185.220.101.147
185.220.102.250
185.220.100.241
199.195.251.84
213.164.204.94
74.125.213.7
74.125.213.9
185.220.100.249
37.71.173.58
93.2.220.100
188.10.191.109
81.36.17.247
70.28.47.118
45.133.172.222
108.41.227.196
37.235.53.46
162.216.47.22
154.3.42.51
45.86.200.60
212.230.181.152
185.192.70.11
37.142.65.69
87.166.51.31
178.198.76.175
128.90.172.136
172.58.227.224
201.77.112.133
64.124.12.162
87.166.51.28
104.244.72.115
109.70.100.23
192.145.127.220
194.186.142.122
185.207.249.217
52.250.42.144
45.86.201.156
195.245.199.125
213.33.190.70
154.61.71.13
154.13.1.22
191.96.185.151
40.94.25.22
40.94.25.39
40.94.25.5
40.94.25.79
40.94.25.69
40.94.25.71
40.94.25.60
40.94.25.64
40.94.25.29
40.94.25.23
40.94.25.89
40.94.26.165
40.94.26.210
40.94.26.208
40.94.26.166
40.94.26.216
40.94.26.173
40.94.26.182
40.94.35.75
40.94.35.97
40.94.35.27
40.94.35.38
40.94.35.46
40.94.35.76
40.94.35.70
40.94.35.80
40.94.35.98
40.94.35.40
45.86.200.23
198.167.212.98
40.94.31.87
40.94.31.85
40.94.31.29
40.94.31.97
40.94.31.88
40.94.31.80
40.94.31.65
198.167.195.112
40.94.31.58
40.94.31.48
40.94.31.64
40.94.31.26
40.94.31.66
40.94.31.90
40.94.31.46
40.94.31.47
212.119.227.184
72.12.194.93
72.12.194.94
72.12.194.92
134.209.213.55
35.198.84.59
89.208.29.2
40.94.30.159
40.94.30.139
40.94.30.152
40.94.30.167
40.94.30.164
40.94.30.166
40.94.30.174
40.94.30.151
154.61.71.53
40.94.30.157
40.94.30.136
40.94.30.149
52.154.162.74
213.33.190.161
83.84.25.214
162.251.62.154
188.241.177.152
92.211.110.221
185.183.107.236
72.12.194.90
40.94.25.36
40.94.29.4
40.94.25.50
40.94.29.31
40.94.25.31
40.94.29.41
40.94.31.5
40.94.25.80
40.94.29.82
40.94.31.81
40.94.25.96
40.94.29.59
40.94.31.3
40.94.25.58
40.94.31.61
40.94.31.49
40.94.31.54
40.94.31.62
40.94.31.70
40.94.30.211
40.94.30.148
40.94.30.218
40.94.30.147
40.94.30.129
40.94.31.15
40.94.30.169
40.94.31.36
40.94.30.223
40.94.30.203
95.211.36.179
64.233.172.102
153.246.206.71
198.167.193.35
90.187.12.209
37.49.116.179
52.167.22.240
160.177.96.15
185.123.143.220
167.99.172.253
40.94.36.81
86.107.21.203
24.37.31.38
71.19.154.84
192.160.102.170
216.251.130.74
49.44.76.43
109.147.65.157
86.217.130.91
178.174.15.54
86.242.244.97
92.46.70.105
81.201.234.26
78.94.217.60
141.226.236.91
95.26.228.102
89.208.29.3
213.33.190.205
213.33.190.121
5.154.174.45
23.154.177.3
195.65.152.138
93.231.174.227
185.220.101.132
54.36.101.21
72.12.194.91
46.14.116.174
141.19.232.57
185.220.101.149
45.74.46.69
157.230.210.133
82.199.130.36
104.237.193.28
187.46.138.56
195.164.49.162
156.146.49.135
195.164.49.191
79.104.209.54
35.245.134.90
20.52.139.186
189.139.144.151
94.31.102.187
39.43.45.71
107.189.10.143
39.43.123.57
106.75.76.179
194.186.142.131
210.22.129.194
45.130.83.77
154.6.16.175
162.247.73.192
107.189.1.160
185.107.47.215
46.166.139.111
185.56.80.65
185.220.100.245
209.141.59.180
77.247.181.163
185.220.101.137
185.220.100.242
104.244.76.13
185.83.214.69
185.220.100.252
185.112.146.73
185.57.82.28
89.187.171.116
66.220.242.222
39.43.72.17
5.171.90.80
185.152.32.77
23.129.64.157
92.151.9.187
106.75.31.237
122.167.79.251
109.70.100.33
199.249.230.154
64.233.172.108
64.233.172.106
64.233.172.104
77.247.181.165
107.189.12.240
79.142.76.203
193.128.114.34
185.92.26.59
185.65.210.119
70.39.159.79
70.39.159.29
151.48.26.15
151.48.26.15
2.228.159.178
188.174.248.154
188.174.248.154
95.90.198.182
95.90.198.182
193.0.200.36
193.0.200.36
151.127.13.232
89.97.249.158
212.115.152.225
185.217.117.179
199.249.230.164
80.233.134.134
109.74.154.92
65.39.88.250
90.84.192.187
37.70.202.24
85.203.45.30
109.190.93.219
151.8.114.194
176.235.38.106
149.56.99.85
138.128.136.169
213.82.23.224
192.42.123.107
128.90.151.188
162.245.206.249
85.203.45.40
95.211.95.242
185.220.102.251
66.203.112.160
193.128.108.246
193.128.108.242
31.204.150.74
34.141.245.25
122.167.85.191
212.6.86.133
171.25.193.25
149.3.170.147
162.247.74.217
109.70.100.34
89.208.29.5
79.104.209.91
79.104.209.157
194.186.142.205
198.167.217.20
198.167.193.112
204.101.161.31
198.167.219.82
195.74.76.222
87.118.110.27
185.247.225.43
193.128.108.250
188.212.135.7
106.75.75.245
86.142.177.106
185.192.69.77
198.167.209.37
59.144.163.235
193.128.108.243
31.204.152.150
87.166.49.39
82.127.202.176
58.40.175.6
92.222.212.17
88.123.105.51
45.114.130.4
216.251.130.75
187.22.129.46
187.22.129.46
45.153.160.129
80.155.50.158
80.155.50.158
212.234.209.161
213.9.159.210
88.149.207.35
88.149.207.35
88.149.207.35
37.159.148.162
151.8.6.86
91.62.233.251
109.3.219.42
109.3.219.42
109.3.219.42
196.23.168.132
192.87.28.103
207.244.70.35
79.104.209.172
89.208.29.6
195.239.51.18
79.104.209.52
194.154.78.73
185.220.102.240
109.70.100.27
208.68.5.17
185.191.124.143
45.153.160.130
163.172.213.212
193.128.108.245
51.83.131.42
109.62.69.3
109.62.69.3
147.135.68.11
209.58.188.133
193.128.108.253
94.242.243.171
185.183.106.148
185.220.102.248
109.70.100.20
37.58.58.249
69.167.10.41
109.62.69.2
45.141.56.7
104.244.74.55
193.128.108.247
185.31.175.243
45.61.185.125
185.57.82.27
122.182.203.3
82.221.105.78
37.187.196.70
45.153.160.138
89.163.252.12
193.128.108.252
198.167.199.100
198.167.199.106
70.39.116.252
193.128.108.248
188.43.68.132
79.104.209.46
213.33.190.122
95.25.38.53
80.255.7.72
212.119.227.132
212.119.227.169
194.186.142.52
38.132.118.67
37.120.143.139
193.128.108.249
66.249.88.48
66.249.88.50
66.249.88.46
104.244.74.28
198.96.155.3
205.185.124.200
109.70.100.36
193.189.100.202
185.31.175.215
84.147.60.16
45.242.1.134
5.22.190.138
84.147.62.235
89.208.29.7
194.154.78.130
106.75.66.75
185.217.1.11
103.254.153.204
198.167.201.23
185.31.175.231
23.184.48.9
18.27.197.252
107.189.11.153
128.199.56.132
104.248.166.43
192.145.127.221
185.100.87.202
94.46.179.80
206.189.205.251
178.255.172.194
84.221.205.40
155.138.242.103
178.212.98.156
85.65.32.191
31.167.184.201
88.242.66.45
36.65.102.42
203.213.127.79
85.75.110.214
93.78.214.187
204.152.81.185
183.171.72.218
168.194.101.130
87.104.3.136
92.211.196.33
197.92.140.125
207.244.91.171
49.230.88.160
196.74.16.153
91.149.252.75
91.149.252.88
92.206.15.202
82.21.114.63
92.211.109.152
178.0.250.168
178.203.145.135
85.210.36.4
199.83.207.72
86.132.134.203
88.69.16.230
99.247.129.88
37.201.195.12
87.140.192.0
88.152.185.188
87.156.177.91
99.229.57.160
95.223.77.160
88.130.54.214
99.234.62.23
2.206.105.223
94.134.179.130
84.221.255.199
84.222.8.201
89.183.239.142
87.158.21.26
93.206.148.216
5.146.132.101
77.7.60.154
95.223.75.85
162.254.173.187
50.99.254.163
45.41.106.122
99.237.13.3
45.74.72.13
108.171.64.202
74.58.152.123
216.209.253.121
88.87.68.197
211.107.25.121
109.70.100.25
185.67.82.114
207.102.138.19
204.101.161.14
193.128.108.251
111.7.100.17
111.7.100.16
74.125.210.62
74.125.210.36
104.244.74.57
185.220.101.145
185.220.101.144
185.220.101.18
185.220.100.246
185.220.101.228
185.220.100.243
185.220.101.229
185.220.101.147
185.220.102.250
185.220.100.241
199.195.251.84
213.164.204.94
74.125.213.7
74.125.213.9
177.38.183.13
185.220.100.249
85.55.1.73
85.55.1.73
37.71.173.58
82.65.34.224
93.2.220.100
188.10.191.109
24.100.23.115
81.36.17.247
90.161.75.4
213.194.157.212
117.211.140.154
Signatures
-
SquirrelWaffle is a simple downloader written in C++.
SquirrelWaffle.
-
Squirrelwaffle Payload 2 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 7003⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1908-118-0x0000000000000000-mapping.dmp
-
memory/1908-119-0x0000000003150000-0x000000000329A000-memory.dmpFilesize
1.3MB
-
memory/1908-120-0x0000000005100000-0x0000000005114000-memory.dmpFilesize
80KB
-
memory/1908-121-0x0000000005130000-0x0000000005142000-memory.dmpFilesize
72KB