svcready | 615519a5865324398662b7a1d9cab1ac5ffbca4de78713d9a8813135d5c117f1 | Triage

Analysis

max time kernel
499s
max time network
503s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2022 11:35

Sharing

Report Analysis Logs

General

Target

payload.dll
Size

1.3MB
MD5

f2b499f84ad9ebf8a399a44e28238523
SHA1

17ac7422766b613a649aecfe3c9da7cdbb941df9
SHA256

615519a5865324398662b7a1d9cab1ac5ffbca4de78713d9a8813135d5c117f1
SHA512

8bf2eee21938bebcd858a3b2a9f28e073b8a340426dc6bff4fd3fd2ef19a27a96d3918baa198d340ad516e5e56133c817dc93baab9aa2d543c628048dffc18bc

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/4704-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4704	3472	regsvr32.exe	80
PID 3472 wrote to memory of 4704	3472	regsvr32.exe	80
PID 3472 wrote to memory of 4704	3472	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\payload.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\payload.dll
  2⤵
  PID:4704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4704-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download