svcready | f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6 | Triage

Analysis

max time kernel
137s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
11-07-2022 19:28

Sharing

Report Analysis Logs

General

Target

f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6.dll
Size

825KB
MD5

bc728989674865a198aa7ec34a4eac10
SHA1

227ac19bdf420f3a419d0b9a35f02c02b685324f
SHA256

f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6
SHA512

757e532fa959262c0aaf803a2ec5f269a6a92938a6a52aceca698873f300ee5d941e1e041a5cde63c6f83053a4d511fb274409d739e27da04d979e2643d30555

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/2608-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2608	2968	regsvr32.exe	82
PID 2968 wrote to memory of 2608	2968	regsvr32.exe	82
PID 2968 wrote to memory of 2608	2968	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6.dll
  2⤵
  PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download