Analysis
-
max time kernel
39s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
07-06-2022 11:35
Static task
static1
Behavioral task
behavioral1
Sample
y31FF.tmp.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
y31FF.tmp.dll
-
Size
558KB
-
MD5
6cd2a93c20957124f5878204ec3ed726
-
SHA1
853c8a814279422abd0dded0e001011401b12826
-
SHA256
16851d915aaddf29fa2069b79d50fe3a81ecaafd28cde5b77cb531fe5a4e6742
-
SHA512
28069434730710ef08321e1c934d1da8a0f649ed38b9d53a8c3ecc044a747c7f641d022bed42ccb43d912c4447515d9418340ffa778a2a901778360ecb6ee80f
Malware Config
Signatures
-
Detects SVCReady loader 1 IoCs
resource yara_rule behavioral1/memory/1888-56-0x0000000074480000-0x0000000074511000-memory.dmp family_svcready -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1868 wrote to memory of 1888 1868 rundll32.exe 26 PID 1868 wrote to memory of 1888 1868 rundll32.exe 26 PID 1868 wrote to memory of 1888 1868 rundll32.exe 26 PID 1868 wrote to memory of 1888 1868 rundll32.exe 26 PID 1868 wrote to memory of 1888 1868 rundll32.exe 26 PID 1868 wrote to memory of 1888 1868 rundll32.exe 26 PID 1868 wrote to memory of 1888 1868 rundll32.exe 26