svcready | c30bb0a4acaee1617f4371d6184c31749de411b27f110c1e982ea69444134247 | Triage

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220718-en
resource tags

arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
submitted
30-07-2022 00:23

Sharing

Report Analysis Logs

General

Target

y7F6A.tmp.dll
Size

1.2MB
MD5

c7e12aa82835a11c3d70bc95b4f96cd3
SHA1

af47bae95088117667c0033b394cddc2855af853
SHA256

c30bb0a4acaee1617f4371d6184c31749de411b27f110c1e982ea69444134247
SHA512

9c3b7c757a02332cfd02a6eb8c7b5fcbe357aa5b661b2daee45f920e6c0f28825db680f62279e8ba22d8723b0d017cdb1e9d1d07425427cacf2e4617b6121fc8

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral1/memory/848-57-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Program crash 1 IoCs

pid	pid_target	Process	procid_target
976	848	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 848	1800	regsvr32.exe	27
PID 1800 wrote to memory of 848	1800	regsvr32.exe	27
PID 1800 wrote to memory of 848	1800	regsvr32.exe	27
PID 1800 wrote to memory of 848	1800	regsvr32.exe	27
PID 1800 wrote to memory of 848	1800	regsvr32.exe	27
PID 1800 wrote to memory of 848	1800	regsvr32.exe	27
PID 1800 wrote to memory of 848	1800	regsvr32.exe	27
PID 848 wrote to memory of 976	848	regsvr32.exe	28
PID 848 wrote to memory of 976	848	regsvr32.exe	28
PID 848 wrote to memory of 976	848	regsvr32.exe	28
PID 848 wrote to memory of 976	848	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\y7F6A.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\y7F6A.tmp.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 300
    3⤵
    - Program crash
    PID:976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/848-56-0x0000000076291000-0x0000000076293000-memory.dmp

Filesize
8KB

Download
memory/848-57-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download
memory/1800-54-0x000007FEFBE31000-0x000007FEFBE33000-memory.dmp

Filesize
8KB

Download