svcready | 338d326973acb3c5260a943498ee13668c86d6d375e0005251392bef54b4aadc | Triage

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2022 09:52

Sharing

Report Analysis Logs

General

Target

62f22e2c25958.dll
Size

1.2MB
MD5

a40bf122a2f0617e31a60e0122b41b73
SHA1

761a6c8fa9b2f119f3d99a77a37a24a9783e3d6b
SHA256

338d326973acb3c5260a943498ee13668c86d6d375e0005251392bef54b4aadc
SHA512

abe6492ce5fdc3d6a5a835f75a7d017e12256a1c9c80dda02c047e4ff8e61632a29d9158536e7f110b7521ed66accb749be215d8fad547d5d440c7e243c18d9e

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3372-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2892 wrote to memory of 3372	2892	regsvr32.exe	regsvr32.exe
PID 2892 wrote to memory of 3372	2892	regsvr32.exe	regsvr32.exe
PID 2892 wrote to memory of 3372	2892	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\62f22e2c25958.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\62f22e2c25958.dll
  2⤵
  PID:3372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3372-130-0x0000000000000000-mapping.dmp

Download
memory/3372-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download