4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc | Triage

Analysis

max time kernel
160s
max time network
172s
platform
windows10_x64
resource
win10-en-20211104
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc.dll
Size

72KB
MD5

a0236a1281f115b509c1cfed29e1da6c
SHA1

ebe16eadf9d1ba199f59e45626bb07c38be39f45
SHA256

4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc
SHA512

1266dcfed2c9ed6dedf98c66770fd3c2dc5a18793fb872e2f70ba5d3575c0e3330084b635090efad4c194f39dd02db360fae4b9ea8f6f832a382defcb6c5c9fe

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata

Blocklisted process makes network request 5 IoCs

flow	pid	Process
28	504	rundll32.exe
30	504	rundll32.exe
35	504	rundll32.exe
38	504	rundll32.exe
41	504	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 504	3740	rundll32.exe	68
PID 3740 wrote to memory of 504	3740	rundll32.exe	68
PID 3740 wrote to memory of 504	3740	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a17ba3c9d23d3b88fe2c87cfbfa1d09becfc57663ec1871e87b52ab96c16ccc.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads