svcready | 37faeea6303a4cf6b32b13d11ea43a133945dd473dc2736acb13db64913c44b4 | Triage

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
09-08-2022 09:44

Sharing

Report Analysis Logs

General

Target

62f22c85755fa.dll
Size

1.2MB
MD5

fe7830a2a8b1280759a468b686b9a6ce
SHA1

c6d41de72b8209883371cd3423e3c501abdd2e22
SHA256

37faeea6303a4cf6b32b13d11ea43a133945dd473dc2736acb13db64913c44b4
SHA512

71be70f8109967c80c9b1ec286d2f2790940cd65849a21e439a74e6656c4204ee471d72733d9c39f8cf350be6056439412a6576a0b0a8704f737a5d603ea3ad8

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral1/memory/944-57-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1384	944	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 944	1676	regsvr32.exe	27
PID 1676 wrote to memory of 944	1676	regsvr32.exe	27
PID 1676 wrote to memory of 944	1676	regsvr32.exe	27
PID 1676 wrote to memory of 944	1676	regsvr32.exe	27
PID 1676 wrote to memory of 944	1676	regsvr32.exe	27
PID 1676 wrote to memory of 944	1676	regsvr32.exe	27
PID 1676 wrote to memory of 944	1676	regsvr32.exe	27
PID 944 wrote to memory of 1384	944	regsvr32.exe	28
PID 944 wrote to memory of 1384	944	regsvr32.exe	28
PID 944 wrote to memory of 1384	944	regsvr32.exe	28
PID 944 wrote to memory of 1384	944	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\62f22c85755fa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\62f22c85755fa.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 296
    3⤵
    - Program crash
    PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-56-0x0000000076771000-0x0000000076773000-memory.dmp

Filesize
8KB

Download
memory/944-57-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download
memory/1676-54-0x000007FEFC171000-0x000007FEFC173000-memory.dmp

Filesize
8KB

Download