svcready | af94ea70ed0693bd753648d593bb53ce6a6a6075d8be37b5e09788e50d2189e6 | Triage

Analysis

max time kernel
101s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2022 16:15

Sharing

Report Analysis Logs

General

Target

yDF97.tmp.dll
Size

1.2MB
MD5

80ca8219bc7b0d6d1ad5c24362e50487
SHA1

267db840b0c45e46320c95e1df05b8f641b2a4d6
SHA256

af94ea70ed0693bd753648d593bb53ce6a6a6075d8be37b5e09788e50d2189e6
SHA512

c76a7954fb8817937cbd50d676403977ff6e0d187b442e3d968d18a32cba107114536e55beb61eef4e20181446ce265b62f78aebdab7c6ed9c507c19dbd25040

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2248-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1996 wrote to memory of 2248	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 2248	1996	regsvr32.exe	regsvr32.exe
PID 1996 wrote to memory of 2248	1996	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\yDF97.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\yDF97.tmp.dll
  2⤵
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2248-130-0x0000000000000000-mapping.dmp

Download
memory/2248-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download