Overview

overview

10

Static

static

svc.dll

windows7-x64

10

svc.dll

windows10-2004-x64

10

Resubmissions

31-08-2022 20:26

220831-y73vvsbcfr 10

21-07-2022 06:01

220721-gq558adfdn 10

20-07-2022 17:02

220720-vj4wgacebl 10

Analysis

  • max time kernel
    96s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220718-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220718-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-07-2022 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    svc.dll

  • Size

    1.2MB

  • MD5

    5a800c0c43e7ef2abca922ef59cbdb57

  • SHA1

    541127b4c63917a8ad767cc5f9f7cb2f3ba35a4a

  • SHA256

    a9f95fd06a5444a4c5d0d4c553a81a4f5f421aea9e07f2bb6b270183f19b7a49

  • SHA512

    7d9bd3461fa5182f7b998253972f1916fb0adde7c55ae078b13db7af9ee1ed86881b2ffe9dfd8ed9e163323f38775b5ae0ea7d8d8e2658dba0f5aff161752f5e

Score
10/10
svcreadyloader

Malware Config

Signatures

  • Detects SVCReady loader 1 IoCs
  • SVCReady

    SVCReady is a malware loader first seen in April 2022.

    loadersvcready
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\svc.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4308
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\svc.dll
      2⤵
        PID:3852

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3852-130-0x0000000000000000-mapping.dmp

      Download

    • memory/3852-131-0x0000000010000000-0x0000000010091000-memory.dmp

      Filesize

      580KB

      Download