svcready | 4e9014051b9fdca12579b66a2933233db9a065918420c9f2d031b2b2b262a592 | Triage

Analysis

max time kernel
60s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
16-08-2022 08:04

Sharing

Report Analysis Logs

General

Target

JUqEqDce.dll
Size

1.4MB
MD5

b77a0f2cc69d5c81f31be7bd73155c14
SHA1

0983a4bca3784c76e2ab50d90c03039a4461b33e
SHA256

4e9014051b9fdca12579b66a2933233db9a065918420c9f2d031b2b2b262a592
SHA512

9f9dbbdc77a411f3849eeb4d9f2df7e070657cdfe86757e2a97eac257819b5f45cf5a37f6c09e66c3e4172a56f93d3a91fbee415475be0aced2ef9a449efca30

Score

10^/10

svcready loader

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3664-133-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 4144 wrote to memory of 3664	4144	regsvr32.exe	regsvr32.exe
PID 4144 wrote to memory of 3664	4144	regsvr32.exe	regsvr32.exe
PID 4144 wrote to memory of 3664	4144	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JUqEqDce.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\JUqEqDce.dll
  2⤵
  PID:3664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3664-132-0x0000000000000000-mapping.dmp

Download
memory/3664-133-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download