Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-05-2022 14:31

General

  • Target

    next_stage.dll

  • Size

    558KB

  • MD5

    6eeb4d8cd43879a7b8fb4cf2a2753106

  • SHA1

    2bd84ed774ef2a9c789fc5f27cebe1a115fcc1e0

  • SHA256

    235720bec0797367013cbdc1fe9bbdde1c5d325235920a1a3e9499485fb72dba

  • SHA512

    17447013a73470b4b58cd327da724a703c1105c4fa086a33a7cfa0033d0f79265ceacd7986aadb2f7cddabc8fd2641b90d97b3f28045b1ebb628306c7bc033fb

Score
10/10

Malware Config

Signatures

  • Detects SVCReady loader 1 IoCs
  • SVCReady

    SVCReady is a malware loader first seen in April 2022.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\next_stage.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\next_stage.dll,#1
      2⤵
        PID:1664

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1664-55-0x00000000754A1000-0x00000000754A3000-memory.dmp

      Filesize

      8KB

    • memory/1664-56-0x0000000074C20000-0x0000000074CB1000-memory.dmp

      Filesize

      580KB