svcready | f5f1ba0209d95ebb673546a84565d9c8d44a4b82659e06617b8ff4fe1c15573b | Triage

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
09-08-2022 09:53

Sharing

Report Analysis Logs

General

Target

62f22b86f1aa5.dll
Size

1.2MB
MD5

eda9e1e9bbe300db60e850188097d141
SHA1

baeb49bfc881a4cc44fd07433e51bd6f98fd04c9
SHA256

f5f1ba0209d95ebb673546a84565d9c8d44a4b82659e06617b8ff4fe1c15573b
SHA512

f3e744dd0d6deb6c511b4a89fe451b315dcf86af1ac9c58025c29391630d33a65545b247e460e9cf0972cbd705b6e2a6ef94643c30df4c5363070cf09da9fbeb

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral1/memory/1080-57-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1740	1080	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1080	1932	regsvr32.exe	27
PID 1932 wrote to memory of 1080	1932	regsvr32.exe	27
PID 1932 wrote to memory of 1080	1932	regsvr32.exe	27
PID 1932 wrote to memory of 1080	1932	regsvr32.exe	27
PID 1932 wrote to memory of 1080	1932	regsvr32.exe	27
PID 1932 wrote to memory of 1080	1932	regsvr32.exe	27
PID 1932 wrote to memory of 1080	1932	regsvr32.exe	27
PID 1080 wrote to memory of 1740	1080	regsvr32.exe	28
PID 1080 wrote to memory of 1740	1080	regsvr32.exe	28
PID 1080 wrote to memory of 1740	1080	regsvr32.exe	28
PID 1080 wrote to memory of 1740	1080	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\62f22b86f1aa5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\62f22b86f1aa5.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 296
    3⤵
    - Program crash
    PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-56-0x00000000760E1000-0x00000000760E3000-memory.dmp

Filesize
8KB

Download
memory/1080-57-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download
memory/1932-54-0x000007FEFC251000-0x000007FEFC253000-memory.dmp

Filesize
8KB

Download