svcready | 2347501702e778fadb2ad2c7112fd6f29787f5738749ccf27bd45e15ff30a84a | Triage

Analysis

max time kernel
92s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
resource tags

arch:x64arch:x86image:win10v2004-20220414-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2022 12:09

Sharing

Report Analysis Logs

General

Target

1.dll
Size

1.1MB
MD5

d2bae278b075c9f865e4677d90ab89b6
SHA1

1244f8ee92cbb46343aed523c405182f77c67e62
SHA256

2347501702e778fadb2ad2c7112fd6f29787f5738749ccf27bd45e15ff30a84a
SHA512

ac41cab614cc8287cea2ebdab2264cd0e8567ad0a31553c3d74b56b5d406b622dc79faf09cd731cb33230c8558cae479561eae1cae518b731ee913f9eab7bbb6

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/4148-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 4148	2160	regsvr32.exe	79
PID 2160 wrote to memory of 4148	2160	regsvr32.exe	79
PID 2160 wrote to memory of 4148	2160	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1.dll
  2⤵
  PID:4148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4148-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download