Analysis

  • max time kernel
    39s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    07-06-2022 11:35

General

  • Target

    y31FF.tmp.dll

  • Size

    558KB

  • MD5

    6cd2a93c20957124f5878204ec3ed726

  • SHA1

    853c8a814279422abd0dded0e001011401b12826

  • SHA256

    16851d915aaddf29fa2069b79d50fe3a81ecaafd28cde5b77cb531fe5a4e6742

  • SHA512

    28069434730710ef08321e1c934d1da8a0f649ed38b9d53a8c3ecc044a747c7f641d022bed42ccb43d912c4447515d9418340ffa778a2a901778360ecb6ee80f

Score
10/10

Malware Config

Signatures

  • Detects SVCReady loader 1 IoCs
  • SVCReady

    SVCReady is a malware loader first seen in April 2022.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\y31FF.tmp.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\y31FF.tmp.dll,#1
      2⤵
        PID:1888

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1888-55-0x00000000759E1000-0x00000000759E3000-memory.dmp

      Filesize

      8KB

    • memory/1888-56-0x0000000074480000-0x0000000074511000-memory.dmp

      Filesize

      580KB