svcready | f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6 | Triage

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
11-07-2022 19:28

Sharing

Report Analysis Logs

General

Target

f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6.dll
Size

825KB
MD5

bc728989674865a198aa7ec34a4eac10
SHA1

227ac19bdf420f3a419d0b9a35f02c02b685324f
SHA256

f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6
SHA512

757e532fa959262c0aaf803a2ec5f269a6a92938a6a52aceca698873f300ee5d941e1e041a5cde63c6f83053a4d511fb274409d739e27da04d979e2643d30555

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral1/memory/1064-57-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1064	1644	regsvr32.exe	28
PID 1644 wrote to memory of 1064	1644	regsvr32.exe	28
PID 1644 wrote to memory of 1064	1644	regsvr32.exe	28
PID 1644 wrote to memory of 1064	1644	regsvr32.exe	28
PID 1644 wrote to memory of 1064	1644	regsvr32.exe	28
PID 1644 wrote to memory of 1064	1644	regsvr32.exe	28
PID 1644 wrote to memory of 1064	1644	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6.dll
  2⤵
  PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1064-56-0x00000000769D1000-0x00000000769D3000-memory.dmp

Filesize
8KB

Download
memory/1064-57-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download
memory/1644-54-0x000007FEFC331000-0x000007FEFC333000-memory.dmp

Filesize
8KB

Download