Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 25-05-2022 14:31
Static task: static1
Behavioral task: behavioral1
Sample: next_stage.dll
General
- Target: next_stage.dll
- Size: 558KB
- MD5: 6eeb4d8cd43879a7b8fb4cf2a2753106
- SHA1: 2bd84ed774ef2a9c789fc5f27cebe1a115fcc1e0
- SHA256: 235720bec0797367013cbdc1fe9bbdde1c5d325235920a1a3e9499485fb72dba
- SHA512: 17447013a73470b4b58cd327da724a703c1105c4fa086a33a7cfa0033d0f79265ceacd7986aadb2f7cddabc8fd2641b90d97b3f28045b1ebb628306c7bc033fb
Malware Config
Signatures
- Detects SVCReady loader (1 IoCs)
  Processes:
  resource: behavioral1/memory/1664-56-0x0000000074C20000-0x0000000074CB1000-memory.dmp, yara_rule: family_svcready
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description: PID 1948 wrote to memory of 1664, pid: 1948, Process: rundll32.exe, procid_target: 28
  description: PID 1948 wrote to memory of 1664, pid: 1948, Process: rundll32.exe, procid_target: 28
  description: PID 1948 wrote to memory of 1664, pid: 1948, Process: rundll32.exe, procid_target: 28
  description: PID 1948 wrote to memory of 1664, pid: 1948, Process: rundll32.exe, procid_target: 28
  description: PID 1948 wrote to memory of 1664, pid: 1948, Process: rundll32.exe, procid_target: 28
  description: PID 1948 wrote to memory of 1664, pid: 1948, Process: rundll32.exe, procid_target: 28
  description: PID 1948 wrote to memory of 1664, pid: 1948, Process: rundll32.exe, procid_target: 28