svcready | 64583aa980ff5d3e903c5fc00f835d1043bc5c2d2d41fd098275280fdddc21a1 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 20:02

Sharing

Report Analysis Logs

General

Target

e44c9e081bb49e9b52f49d621a183eed0b2be02f.dll
Size

872KB
MD5

a84fc1d210de76f4b5e4434bacfc6d84
SHA1

e44c9e081bb49e9b52f49d621a183eed0b2be02f
SHA256

64583aa980ff5d3e903c5fc00f835d1043bc5c2d2d41fd098275280fdddc21a1
SHA512

c44a9fc2dd1f8d897a71ad4bb4d0801ec328c2ca046de92da3e4b61bf254e8b879925f9b62f963d34578956ef8374ac6f320b51819c23c648c78e920dfbc7a12

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/308-57-0x00000000008A0000-0x000000000097E000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 1172 wrote to memory of 308	1172	rundll32.exe	27
PID 1172 wrote to memory of 308	1172	rundll32.exe	27
PID 1172 wrote to memory of 308	1172	rundll32.exe	27
PID 1172 wrote to memory of 308	1172	rundll32.exe	27
PID 1172 wrote to memory of 308	1172	rundll32.exe	27
PID 1172 wrote to memory of 308	1172	rundll32.exe	27
PID 1172 wrote to memory of 308	1172	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e44c9e081bb49e9b52f49d621a183eed0b2be02f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e44c9e081bb49e9b52f49d621a183eed0b2be02f.dll,#1
  2⤵
  PID:308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/308-54-0x0000000000000000-mapping.dmp

Download
memory/308-55-0x0000000075261000-0x0000000075263000-memory.dmp

Filesize
8KB

Download
memory/308-56-0x00000000008A0000-0x000000000097E000-memory.dmp

Filesize
888KB

Download
memory/308-57-0x00000000008A0000-0x000000000097E000-memory.dmp

Filesize
888KB

Download
memory/308-61-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download