156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596 | Triage

Analysis

max time kernel
153s
max time network
158s
platform
windows10_x64
resource
win10-en-20211014
submitted
13/11/2021, 17:35

Sharing

Report Analysis Logs

General

Target

156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
Size

50KB
MD5

4c2acbbf873ad268a5ffd94bf824fc5e
SHA1

95b57dd24f794e4f486441cd786e4174101ba440
SHA256

156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596
SHA512

fdd12c6dd723eadd24f824143f05480fea7f50c127d8117dd50bf83695d3374ace225f804df7ae592e671d059ac24d21ce6a4e20fa86de64b006f71283b61288

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 812	3816	regsvr32.exe	68
PID 3816 wrote to memory of 812	3816	regsvr32.exe	68
PID 3816 wrote to memory of 812	3816	regsvr32.exe	68

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\156484ea4614553e22e5356ae521eefb5e90f788090b35c3b388730a80518596.dll
  2⤵
  PID:812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads