svcready | 37faeea6303a4cf6b32b13d11ea43a133945dd473dc2736acb13db64913c44b4 | Triage

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220722-en
resource tags

arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2022 09:44

Sharing

Report Analysis Logs

General

Target

62f22c85755fa.dll
Size

1.2MB
MD5

fe7830a2a8b1280759a468b686b9a6ce
SHA1

c6d41de72b8209883371cd3423e3c501abdd2e22
SHA256

37faeea6303a4cf6b32b13d11ea43a133945dd473dc2736acb13db64913c44b4
SHA512

71be70f8109967c80c9b1ec286d2f2790940cd65849a21e439a74e6656c4204ee471d72733d9c39f8cf350be6056439412a6576a0b0a8704f737a5d603ea3ad8

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/3096-133-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 3096	4944	regsvr32.exe	81
PID 4944 wrote to memory of 3096	4944	regsvr32.exe	81
PID 4944 wrote to memory of 3096	4944	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\62f22c85755fa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\62f22c85755fa.dll
  2⤵
  PID:3096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3096-133-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download