9bf4028b6581222692b1475d5d804e6985d964eaadc2b22c144fbac21e726ad9 | Triage

Analysis

max time kernel
163s
max time network
177s
platform
windows10_x64
resource
win10-en-20211104
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

9bf4028b6581222692b1475d5d804e6985d964eaadc2b22c144fbac21e726ad9.dll
Size

72KB
MD5

140c6ab215c5cb1598e096e0544a3c11
SHA1

172f8ce336ded3e9f3cf3b8632954c86b359df62
SHA256

9bf4028b6581222692b1475d5d804e6985d964eaadc2b22c144fbac21e726ad9
SHA512

f8c37bf719f3056d92cd26c7ccaf25aa4d9ee432e8e01076036698d056b91a6418f6b2f5f7eace1f23c1808d426d20c62a9e3dee696e219b54cebb4413b237c0

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 4032	3928	regsvr32.exe	69
PID 3928 wrote to memory of 4032	3928	regsvr32.exe	69
PID 3928 wrote to memory of 4032	3928	regsvr32.exe	69

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9bf4028b6581222692b1475d5d804e6985d964eaadc2b22c144fbac21e726ad9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9bf4028b6581222692b1475d5d804e6985d964eaadc2b22c144fbac21e726ad9.dll
  2⤵
  PID:4032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads