Analysis
-
max time kernel
91s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
25-05-2022 14:31
Static task
static1
Behavioral task
behavioral1
Sample
next_stage.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
next_stage.dll
-
Size
558KB
-
MD5
6eeb4d8cd43879a7b8fb4cf2a2753106
-
SHA1
2bd84ed774ef2a9c789fc5f27cebe1a115fcc1e0
-
SHA256
235720bec0797367013cbdc1fe9bbdde1c5d325235920a1a3e9499485fb72dba
-
SHA512
17447013a73470b4b58cd327da724a703c1105c4fa086a33a7cfa0033d0f79265ceacd7986aadb2f7cddabc8fd2641b90d97b3f28045b1ebb628306c7bc033fb
Malware Config
Signatures
-
Detects SVCReady loader 1 IoCs
resource yara_rule behavioral2/memory/3744-131-0x0000000074DE0000-0x0000000074E71000-memory.dmp family_svcready -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2476 wrote to memory of 3744 2476 rundll32.exe 82 PID 2476 wrote to memory of 3744 2476 rundll32.exe 82 PID 2476 wrote to memory of 3744 2476 rundll32.exe 82