Analysis
max time kernel: 44s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 07-06-2022 11:35

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: y5CAB.tmp.dll
Resource: win7-20220414-en
Platform: windows7_x64
0 signatures
0 seconds
General
Target: y5CAB.tmp.dll
Size: 559KB
MD5: 6eefce6e0b2c458abf2665663cb73c2b
SHA1: 563b082e19594876e8b84f22cb49b0fc4eb66a25
SHA256: 39c955c9e906075c11948edd79ffc6d6fcc5b5e3ac336231f52c3b03e718371e
SHA512: 44fe4de02f3b21a62e3e0f3f4b49f071028e28d9748caa137c9f9ac3fbb7f59b6daa18592a661471dedc3f78c5fc451e9f503cf1a847b578b695e106f5cb4dfe
Malware Config

Signatures

Detects SVCReady loader (2 IoCs)
resource | yara_rule
behavioral1/memory/1668-56-0x0000000010000000-0x0000000010091000-memory.dmp | family_svcready
behavioral1/memory/1668-57-0x0000000010000000-0x0000000010091000-memory.dmp | family_svcready

Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | 28
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | 28
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | 28
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | 28
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | 28
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | 28
PID 1452 wrote to memory of 1668 | 1452 | rundll32.exe | 28