Analysis

  • max time kernel
    90s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2022, 08:14

General

  • Target

    Evon/Evon.dll

  • Size

    9.7MB

  • MD5

    76270aaee6984f1227ca9c31156210c1

  • SHA1

    eaf39d05bf665578257821f372c5ceeb1ee16f4e

  • SHA256

    f006e5286969aeb55f69a5e16193264fa795bedaa03736ce92559a17b3c8c580

  • SHA512

    5cd52a15fcb13b4204f588440c0d65b1c2a64dec18a8188647b591ba503614b83d9f826aa768ee5c9444e393821360785a8caff09774864109a61c3d5b657f75

  • SSDEEP

    196608:qKHjG4/XI5fPxCw2MHTDgJwm+Dm3g/yfqkREQu+eKo3N5DWl+JXmt9vodib:qx4XmPxS0TDO+DV6/pu73bUCGv

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Evon\Evon.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4372
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Evon\Evon.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3144

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3144-133-0x0000000073FE0000-0x0000000075317000-memory.dmp

    Filesize

    19.2MB

  • memory/3144-136-0x0000000073FE0000-0x0000000075317000-memory.dmp

    Filesize

    19.2MB

  • memory/3144-137-0x0000000073FE0000-0x0000000075317000-memory.dmp

    Filesize

    19.2MB