Analysis
-
max time kernel
136s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
07-06-2022 11:35
Static task
static1
Behavioral task
behavioral1
Sample
y31FF.tmp.dll
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
y31FF.tmp.dll
-
Size
558KB
-
MD5
6cd2a93c20957124f5878204ec3ed726
-
SHA1
853c8a814279422abd0dded0e001011401b12826
-
SHA256
16851d915aaddf29fa2069b79d50fe3a81ecaafd28cde5b77cb531fe5a4e6742
-
SHA512
28069434730710ef08321e1c934d1da8a0f649ed38b9d53a8c3ecc044a747c7f641d022bed42ccb43d912c4447515d9418340ffa778a2a901778360ecb6ee80f
Malware Config
Signatures
-
Detects SVCReady loader 1 IoCs
Processes:
resource yara_rule behavioral2/memory/4208-131-0x0000000075070000-0x0000000075101000-memory.dmp family_svcready -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid Process procid_target PID 4028 wrote to memory of 4208 4028 rundll32.exe 77 PID 4028 wrote to memory of 4208 4028 rundll32.exe 77 PID 4028 wrote to memory of 4208 4028 rundll32.exe 77