Analysis
-
max time kernel
132s -
max time network
142s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
30-01-2022 15:38
General
-
Target
2fd56c4de1db7097a3c2545e2ebb70f83d6c0ee9ebe3c70b80b8a3f29267c7a6.dll
-
Size
322KB
-
MD5
7838f2a7503355dfeaa7d097158a55d3
-
SHA1
94a0fc34b3220f40d9ba8cfc9a26eaf78305214a
-
SHA256
2fd56c4de1db7097a3c2545e2ebb70f83d6c0ee9ebe3c70b80b8a3f29267c7a6
-
SHA512
c9e3c966054f67f956f59ef19505a17b013635b23aebc54906cff476deffb8209372deef28a82ee5fc0c090b0046cb34c4b41ffbfcae3073f46d40fc270df35b
Malware Config
Extracted
squirrelwaffle
http://atertreat.in/5iPPVRKPPX9
http://incentivaconsultores.com.co/55jHpKCc9DWy
http://cdelean.org/0qvbbmu9g
http://bazy.ps/M6SjrMSYC
http://sukmabali.com/ZXxcLYs3rzRQ
http://bugwilliam.tk/cbB56YrugdbW
http://bestbeatsgh.com/42D7OwuPen
http://krumaila.com/UZ4NdDoDh4Tu
http://razehub.com/NN70nExbtLO
http://arcb.ro/aHUUNxE3Me5
http://cfmi.tg/m40YS6gDO0
http://sweetlittle.mx/ZCXP0dT2h
http://alkimia-prod.com/nT0imyzmo
http://almexperts.co.za/fEoJ3pdWZbF
Signatures
-
SquirrelWaffle is a simple downloader written in C++.
SquirrelWaffle.
-
Squirrelwaffle Payload 1 IoCs
-
Blocklisted process makes network request 5 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2fd56c4de1db7097a3c2545e2ebb70f83d6c0ee9ebe3c70b80b8a3f29267c7a6.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2fd56c4de1db7097a3c2545e2ebb70f83d6c0ee9ebe3c70b80b8a3f29267c7a6.dll,#12⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2800-115-0x0000000000E30000-0x0000000000E53000-memory.dmpFilesize
140KB
-
memory/2800-116-0x0000000010000000-0x000000001004D000-memory.dmpFilesize
308KB