svcready | 41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1 | Triage

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2022 08:40

Sharing

Report Analysis Logs

General

Target

yA6F7.tmp.dll
Size

1.1MB
MD5

222ebf178e46a2be70538ad88da0f26b
SHA1

d15e1e7eb03f561d7bf237f365dfe9672339439f
SHA256

41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1
SHA512

1c4463044b8e5007612c1c10f8dc9bd3a02b0cd00da4a58394b3c4e83a31335924300807cf8b101c9bc901315bb7e8368435ac8c4f8491ebb1720e5968899c4f

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/1688-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 1688	3544	regsvr32.exe	82
PID 3544 wrote to memory of 1688	3544	regsvr32.exe	82
PID 3544 wrote to memory of 1688	3544	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\yA6F7.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\yA6F7.tmp.dll
  2⤵
  PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1688-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download