svcready | b597e5634394ef9ac271af839753cc4cae07343193d01997d1e7d6cdc33956ff | Triage

Resubmissions

27-07-2022 10:09

220727-l626qagda4 10

27-07-2022 08:51

220727-kscs8sffh8 10

Analysis

max time kernel
234s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2022 10:09

Sharing

Report Analysis Logs

General

Target

y414E.tmp.dll
Size

1.2MB
MD5

924fa82e5eb7ef7e2c1374cebde74ca4
SHA1

0d4a96d452ab6a3f2cb751a75e710defa5f829a1
SHA256

b597e5634394ef9ac271af839753cc4cae07343193d01997d1e7d6cdc33956ff
SHA512

f836569444e50adf45fe631ed5c59c79d69c7c0f35c497a3f4d8ecc18c91a08a8094815f064e0307b44554047806991d7ca0968e830b9fed12e65420a0a6f131

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral1/memory/700-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 700	3792	regsvr32.exe	81
PID 3792 wrote to memory of 700	3792	regsvr32.exe	81
PID 3792 wrote to memory of 700	3792	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\y414E.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\y414E.tmp.dll
  2⤵
  PID:700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/700-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download