svcready | 1cc506caf43283f2f1c26533d1d98a4421a890fb5260e476d5e66bbead3f1af0 | Triage

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2022 18:08

Sharing

Report Analysis Logs

General

Target

62f2a24de09f7.dll
Size

1.2MB
MD5

edff4988b7e587d631e853ed8d4891f2
SHA1

48160a0296d90c2eb4aa94929a1019676fc7eeab
SHA256

1cc506caf43283f2f1c26533d1d98a4421a890fb5260e476d5e66bbead3f1af0
SHA512

e94e750911d20cde709f061ce1c0deef0a874e6df3d3073327acda7a49722da26b1c813f41f8f8eafe3de4235fe894d642d4357982f13e68ca13a65c90d12cd6

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/4288-131-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 4288	5068	regsvr32.exe	82
PID 5068 wrote to memory of 4288	5068	regsvr32.exe	82
PID 5068 wrote to memory of 4288	5068	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\62f2a24de09f7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\62f2a24de09f7.dll
  2⤵
  PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4288-131-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download