svcready | dfb1999d927d7d9282035fba300ba292b2d86cd8e36c100932a29f6caa1060e6 | Triage

Analysis

max time kernel
69s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2022 15:37

Sharing

Report Analysis Logs

General

Target

285907f6d9b6ec584763d0ef320ee6a2.dll
Size

1.3MB
MD5

285907f6d9b6ec584763d0ef320ee6a2
SHA1

2ed949dbe247b0f16fa8ef52270b0738b25910fd
SHA256

dfb1999d927d7d9282035fba300ba292b2d86cd8e36c100932a29f6caa1060e6
SHA512

fb8627044619e26bbb622cac0d82986ca09525a2a9192e94760865ba02822676f6a6955945d73cd6488c72e2dbae19687e15d4f9169ae9e638fe1ad4a62dcbe3

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2728-133-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 4772 wrote to memory of 2728	4772	regsvr32.exe	regsvr32.exe
PID 4772 wrote to memory of 2728	4772	regsvr32.exe	regsvr32.exe
PID 4772 wrote to memory of 2728	4772	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\285907f6d9b6ec584763d0ef320ee6a2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4772

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\285907f6d9b6ec584763d0ef320ee6a2.dll
2⤵
PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-132-0x0000000000000000-mapping.dmp

Download
memory/2728-133-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download