Analysis
-
max time kernel
143s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
16-08-2022 14:35
Static task
static1
Behavioral task
behavioral1
Sample
yCB76.tmp.dll
Resource
win7-20220812-en
windows7-x64
4 signatures
150 seconds
General
-
Target
yCB76.tmp.dll
-
Size
1.3MB
-
MD5
12d6c20a26b0bf4ccf592f0e49fc45ed
-
SHA1
41e9dd41d25b79a786661f6e651d265a79b92f7e
-
SHA256
3591ff933e5f635b902114f88c4713ee0f218d7c7fb4852c10212ca356fbe707
-
SHA512
2456290bb6080fb18c64ea21cfa7ab5ef33da7b30c1c2a8ec288f5ad9d9fe27b7d028efa8cc221388af57e8ef73b9313cc897e765f341837a90db2cc2ca11553
Malware Config
Signatures
-
Detects SVCReady loader 1 IoCs
resource yara_rule behavioral2/memory/4620-133-0x0000000010000000-0x0000000010091000-memory.dmp family_svcready -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 5056 wrote to memory of 4620 5056 regsvr32.exe 82 PID 5056 wrote to memory of 4620 5056 regsvr32.exe 82 PID 5056 wrote to memory of 4620 5056 regsvr32.exe 82