svcready | 1cc506caf43283f2f1c26533d1d98a4421a890fb5260e476d5e66bbead3f1af0 | Triage

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
09-08-2022 18:08

Sharing

Report Analysis Logs

General

Target

62f2a24de09f7.dll
Size

1.2MB
MD5

edff4988b7e587d631e853ed8d4891f2
SHA1

48160a0296d90c2eb4aa94929a1019676fc7eeab
SHA256

1cc506caf43283f2f1c26533d1d98a4421a890fb5260e476d5e66bbead3f1af0
SHA512

e94e750911d20cde709f061ce1c0deef0a874e6df3d3073327acda7a49722da26b1c813f41f8f8eafe3de4235fe894d642d4357982f13e68ca13a65c90d12cd6

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral1/memory/1876-57-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1600	1876	WerFault.exe	27

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 1876	1796	regsvr32.exe	27
PID 1796 wrote to memory of 1876	1796	regsvr32.exe	27
PID 1796 wrote to memory of 1876	1796	regsvr32.exe	27
PID 1796 wrote to memory of 1876	1796	regsvr32.exe	27
PID 1796 wrote to memory of 1876	1796	regsvr32.exe	27
PID 1796 wrote to memory of 1876	1796	regsvr32.exe	27
PID 1796 wrote to memory of 1876	1796	regsvr32.exe	27
PID 1876 wrote to memory of 1600	1876	regsvr32.exe	28
PID 1876 wrote to memory of 1600	1876	regsvr32.exe	28
PID 1876 wrote to memory of 1600	1876	regsvr32.exe	28
PID 1876 wrote to memory of 1600	1876	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\62f2a24de09f7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\62f2a24de09f7.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 304
    3⤵
    - Program crash
    PID:1600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-54-0x000007FEFBB91000-0x000007FEFBB93000-memory.dmp

Filesize
8KB

Download
memory/1876-56-0x0000000074F71000-0x0000000074F73000-memory.dmp

Filesize
8KB

Download
memory/1876-57-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download