Analysis
-
max time kernel
134s -
max time network
143s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
21-01-2022 23:20
General
-
Target
aa3ff385ea80149fddbc8dbec7b7a5cd4071da3dc6133dbe35efdc33a6db06b0.dll
-
Size
318KB
-
MD5
18e015758c96c940e1303d0be78d7630
-
SHA1
b3548fedf1fe5cdfc143fec47fca3fdedf1ec312
-
SHA256
aa3ff385ea80149fddbc8dbec7b7a5cd4071da3dc6133dbe35efdc33a6db06b0
-
SHA512
8f7cf002d255ee20be5924be50c6e263a9cddc34d0c479a9ab0a3860b5ad4c114979bf7922ae755094a23546dd0f21f1d759742e3d8758cf987d67af4f47b6b0
Malware Config
Extracted
squirrelwaffle
http://atertreat.in/5iPPVRKPPX9
http://incentivaconsultores.com.co/55jHpKCc9DWy
http://cdelean.org/0qvbbmu9g
http://bazy.ps/M6SjrMSYC
http://sukmabali.com/ZXxcLYs3rzRQ
http://bugwilliam.tk/cbB56YrugdbW
http://bestbeatsgh.com/42D7OwuPen
http://krumaila.com/UZ4NdDoDh4Tu
http://razehub.com/NN70nExbtLO
http://arcb.ro/aHUUNxE3Me5
http://cfmi.tg/m40YS6gDO0
http://sweetlittle.mx/ZCXP0dT2h
http://alkimia-prod.com/nT0imyzmo
http://almexperts.co.za/fEoJ3pdWZbF
Signatures
-
SquirrelWaffle is a simple downloader written in C++.
SquirrelWaffle.
-
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
-
Squirrelwaffle Payload 1 IoCs
-
Blocklisted process makes network request 5 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\aa3ff385ea80149fddbc8dbec7b7a5cd4071da3dc6133dbe35efdc33a6db06b0.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\aa3ff385ea80149fddbc8dbec7b7a5cd4071da3dc6133dbe35efdc33a6db06b0.dll,#12⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2656-118-0x0000000003390000-0x00000000033B3000-memory.dmpFilesize
140KB
-
memory/2656-119-0x0000000010000000-0x000000001004D000-memory.dmpFilesize
308KB