svcready | 41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1 | Triage

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
26-07-2022 08:40

Sharing

Report Analysis Logs

General

Target

yA6F7.tmp.dll
Size

1.1MB
MD5

222ebf178e46a2be70538ad88da0f26b
SHA1

d15e1e7eb03f561d7bf237f365dfe9672339439f
SHA256

41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1
SHA512

1c4463044b8e5007612c1c10f8dc9bd3a02b0cd00da4a58394b3c4e83a31335924300807cf8b101c9bc901315bb7e8368435ac8c4f8491ebb1720e5968899c4f

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral1/memory/1984-57-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Program crash 1 IoCs

pid	pid_target	Process	procid_target
988	1984	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1984	904	regsvr32.exe	27
PID 904 wrote to memory of 1984	904	regsvr32.exe	27
PID 904 wrote to memory of 1984	904	regsvr32.exe	27
PID 904 wrote to memory of 1984	904	regsvr32.exe	27
PID 904 wrote to memory of 1984	904	regsvr32.exe	27
PID 904 wrote to memory of 1984	904	regsvr32.exe	27
PID 904 wrote to memory of 1984	904	regsvr32.exe	27
PID 1984 wrote to memory of 988	1984	regsvr32.exe	28
PID 1984 wrote to memory of 988	1984	regsvr32.exe	28
PID 1984 wrote to memory of 988	1984	regsvr32.exe	28
PID 1984 wrote to memory of 988	1984	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\yA6F7.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\yA6F7.tmp.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 300
    3⤵
    - Program crash
    PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/904-54-0x000007FEFC2C1000-0x000007FEFC2C3000-memory.dmp

Filesize
8KB

Download
memory/1984-56-0x00000000766A1000-0x00000000766A3000-memory.dmp

Filesize
8KB

Download
memory/1984-57-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download