svcready | 565efea74093a7d29d28b620dceae440e94a137f3fa64bcda33c07f570f07f96

Analysis

max time kernel
127s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2023 21:58

Target

4270ac10f07c053da87631666a6f8c16bbe967a1659a2920fd3e959b5c95e182.dll
Size

1.2MB
MD5

09ad73fc489b1fe55bffa703f290de87
SHA1

d561575e8d25665720b35be1beccb1984e49a85f
SHA256

4270ac10f07c053da87631666a6f8c16bbe967a1659a2920fd3e959b5c95e182
SHA512

16e3486ece5a20633be7352b162ebe53bd92e3afc477c6df9d387a8dfd7eb3c53f7964ada1d574f0ded4b73bab4ca77f638e3ffa9243952615e73eb2189499df
SSDEEP

24576:o6p6yI9Ei6vo01+xIZJLiX4bDahRRljiVOEkhlitu4dt+1cgvoG0YCNOQZerZMFb:o6ppiOtF

Score

10^/10

svcready loader

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4172-133-0x0000000010000000-0x0000000010091000-memory.dmp	family_svcready

SVCReady
SVCReady is a malware loader first seen in April 2022.
loader svcready

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	Process	procid_target
PID 4972 wrote to memory of 4172	4972	regsvr32.exe	81
PID 4972 wrote to memory of 4172	4972	regsvr32.exe	81
PID 4972 wrote to memory of 4172	4972	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4270ac10f07c053da87631666a6f8c16bbe967a1659a2920fd3e959b5c95e182.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4270ac10f07c053da87631666a6f8c16bbe967a1659a2920fd3e959b5c95e182.dll
  2⤵
  PID:4172

memory/4172-132-0x0000000000000000-mapping.dmp

Download
memory/4172-133-0x0000000010000000-0x0000000010091000-memory.dmp

Filesize
580KB

Download