svcready | c30bb0a4acaee1617f4371d6184c31749de411b27f110c1e982ea69444134247 | Triage

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2022 00:23

Sharing

Report Analysis Logs

General

Target

y7F6A.tmp.dll
Size

1.2MB
MD5

c7e12aa82835a11c3d70bc95b4f96cd3
SHA1

af47bae95088117667c0033b394cddc2855af853
SHA256

c30bb0a4acaee1617f4371d6184c31749de411b27f110c1e982ea69444134247
SHA512

9c3b7c757a02332cfd02a6eb8c7b5fcbe357aa5b661b2daee45f920e6c0f28825db680f62279e8ba22d8723b0d017cdb1e9d1d07425427cacf2e4617b6121fc8

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4136-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 8 wrote to memory of 4136	8	regsvr32.exe	regsvr32.exe
PID 8 wrote to memory of 4136	8	regsvr32.exe	regsvr32.exe
PID 8 wrote to memory of 4136	8	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\y7F6A.tmp.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:8

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\y7F6A.tmp.dll
2⤵
PID:4136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4136-130-0x0000000000000000-mapping.dmp

Download
memory/4136-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download