squirrelwaffle | 10ce13aee1e7d1b721cd603d4fb1b982536320b0fe3d653a63ace64be07bef70

Analysis

max time kernel
164s
max time network
162s
platform
windows10_x64
resource
win10-en-20211208
submitted
30-01-2022 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10ce13aee1e7d1b721cd603d4fb1b982536320b0fe3d653a63ace64be07bef70.dll
Size

222KB
MD5

7eb4034270fbb83f85e90841f3d2a871
SHA1

a7a97668136813a5d153865155e53554f288a0dd
SHA256

10ce13aee1e7d1b721cd603d4fb1b982536320b0fe3d653a63ace64be07bef70
SHA512

14999c497f6d7b9413e28061a1117d3f8d4dc0d3d12f8c0717298d26611f22b0fb5b83f503e46dd5a603e01535e59e7cc6d7297230b5a8032b3959b877ac36e8

Score

10^/10

squirrelwaffle downloader suricata

Malware Config

Extracted

Family

squirrelwaffle

http://pop.vicamtaynam.com/VtyiHAft

http://snsvidyapeeth.in/aXmo2Dr3

http://trinitytesttubebaby.com/QR2JvfE3Sv

http://iconskw.com/cqdPtAbZ

http://ebookchuyennganh.com/v9PMvQDxHK8W

http://alsader.net/BHdQaiQ9rt

http://avyanshglobal.com/6pYjPlqf

http://primahills-online.com/ypCiZn7tMx

http://antoniocastroycia.com.co/WHe08obY

http://apexbiotech.net/VQgunQ4t5Ue

http://vscm.in/V3tYKxDz

http://sinaloworx.co.za/3GilA8Eo3r

http://dancongnghe.xyz/yRByhX6J3REI

http://trajesuniformes.com.br/qQofZMaJm

http://fiorenzapaes.com.br/PGYpETW7

http://astetinternational.com/arW5e44Y7vzO

http://razisystem.ir/MqvvkX0cWvn

http://krishnaiti.org.in/rWA02HQY4

Signatures

SquirrelWaffle is a simple downloader written in C++.
SquirrelWaffle.
downloader squirrelwaffle
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata: ET MALWARE SQUIRRELWAFFLE Loader Activity (POST)
suricata

Squirrelwaffle Payload 1 IoCs

resource	yara_rule
behavioral2/memory/3400-119-0x0000000010000000-0x0000000014030000-memory.dmp	squirrelwaffle

Blocklisted process makes network request 5 IoCs

flow	pid	Process
16	3400	rundll32.exe
28	3400	rundll32.exe
40	3400	rundll32.exe
49	3400	rundll32.exe
55	3400	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 3400	3404	rundll32.exe	68
PID 3404 wrote to memory of 3400	3404	rundll32.exe	68
PID 3404 wrote to memory of 3400	3404	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10ce13aee1e7d1b721cd603d4fb1b982536320b0fe3d653a63ace64be07bef70.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\10ce13aee1e7d1b721cd603d4fb1b982536320b0fe3d653a63ace64be07bef70.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:3400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3400-118-0x0000000004460000-0x000000000847A000-memory.dmp

Filesize
64.1MB

Download
memory/3400-119-0x0000000010000000-0x0000000014030000-memory.dmp

Filesize
64.2MB

Download