Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/11/2024, 19:01

General

  • Target

    8d0468f5cf3996d7b32688c7d243c666_JaffaCakes118.dll

  • Size

    369KB

  • MD5

    8d0468f5cf3996d7b32688c7d243c666

  • SHA1

    88dbc7c0402e98601977c82c582cfda4ad062496

  • SHA256

    8a7152fb0c3fc586850b9e574e1c9335121eda49ee526b23e9f39f0326f22cab

  • SHA512

    a73ed9ad691f1c198be76cf27ab035648743eb9f3d260943bf83794743174cd49b8f9002b3adcd0422d41e1260cbdb03c4674d849d0dd03f924deb8e208d9071

  • SSDEEP

    3072:80QXXzUY3z5Volw9sShsB1NJt8TBg7R7A+aMk6/WbM6o2FrMKhmvSIinUqezz:80sVj/ol8YLL6+aMk6/GM6LGKZnUD

Malware Config

Extracted

Family

squirrelwaffle

C2


Attributes
  • blocklist


Signatures

  • SquirrelWaffle is a simple downloader written in C++.

    SquirrelWaffle.

  • Squirrelwaffle family
  • Squirrelwaffle payload 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8d0468f5cf3996d7b32688c7d243c666_JaffaCakes118.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5020
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\8d0468f5cf3996d7b32688c7d243c666_JaffaCakes118.dll
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:784

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/784-0-0x0000000010004000-0x0000000010006000-memory.dmp

    Filesize

    8KB

  • memory/784-1-0x0000000010000000-0x000000001005E000-memory.dmp

    Filesize

    376KB

  • memory/784-2-0x0000000010000000-0x000000001005E000-memory.dmp

    Filesize

    376KB