d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167 | Triage

Analysis

max time kernel
158s
max time network
133s
platform
windows10_x64
resource
win10-en-20211104
submitted
13-11-2021 17:36

Sharing

Report Analysis Logs

General

Target

d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
Size

76KB
MD5

e8ae3940c30296d494e534e0379f15d6
SHA1

3bcb5e7bc9c317c3c067f36d7684a419da79506c
SHA256

d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167
SHA512

d07b8e684fc1c7a103b64b46d777091bb79103448e91f862c12f0080435feff1c9e907472b7fd4e236ff0b0a8e90dbbaaac202e2238f95578fed1ff6f5247386

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 3612	3576	regsvr32.exe	69
PID 3576 wrote to memory of 3612	3576	regsvr32.exe	69
PID 3576 wrote to memory of 3612	3576	regsvr32.exe	69

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.dll
  2⤵
  PID:3612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads