svcready | c710edb3e8b62981cd8b3f01de3a9ac43417effd342e1c8e8b83f0277eed1149

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2022 15:01

Target

6821b537c2deb89bcb181524042ce8b52ea9852def48375d76d68cde2a276d3e.dll
Size

1.5MB
MD5

40b1d02c1408620b18f9850909606315
SHA1

e8fd2e7d6e61c25776845017f547aee21d52f3d6
SHA256

6821b537c2deb89bcb181524042ce8b52ea9852def48375d76d68cde2a276d3e
SHA512

be41b7357d27b6e47129d3b1585dfd8ab035a8ebf5ce29499909a9cc933c41a31eb58fb1ae931c0218f7a8930a5e2d49626ada9ea106486662af6f636388af6d
SSDEEP

24576:xHf0hvBaBdjZAIVCv1nWe2PQIgzZaTonGkeMVlR18qLElrQPdSVSK1szTjjVRJfc:xMf5XQ

Score

10^/10

svcready loader

Detects SVCReady loader 1 IoCs

resource	yara_rule
behavioral2/memory/2356-133-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2356	2892	regsvr32.exe	81
PID 2892 wrote to memory of 2356	2892	regsvr32.exe	81
PID 2892 wrote to memory of 2356	2892	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6821b537c2deb89bcb181524042ce8b52ea9852def48375d76d68cde2a276d3e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6821b537c2deb89bcb181524042ce8b52ea9852def48375d76d68cde2a276d3e.dll
  2⤵
  PID:2356

memory/2356-133-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download