184238497be5068f3544229b2d294552e4891248fc17468c85c2887118cea305

Analysis

max time kernel
1590s
max time network
1594s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
24/04/2023, 13:08

Target

Evon/Evon.dll
Size

5.2MB
MD5

ba2cb86836a523d0222d1b6d196df10b
SHA1

048afc664496513e65e19d8a78a7f7268cd9b877
SHA256

9bce7d3774c8aef1246668a32820c65feafa2adf96741042e3f0de2159ea15ae
SHA512

e5698dca580303f459d7814d8ed211c25b8faf71ddec02f175971b73ebdd546e705facaf91bd0c879a78554f5008b456442d1ff1c1a691b06d2b94fcace59148
SSDEEP

49152:sb86snt+LAKcEktNeOheMktSJOlfGw2PS7p06UL/7V1WIB9cp/cXTtjfY56TKkvI:6C1K8tNve18CUCcXTFY56ekyQv3TOG2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1396	1276	rundll32.exe	27
PID 1276 wrote to memory of 1396	1276	rundll32.exe	27
PID 1276 wrote to memory of 1396	1276	rundll32.exe	27
PID 1276 wrote to memory of 1396	1276	rundll32.exe	27
PID 1276 wrote to memory of 1396	1276	rundll32.exe	27
PID 1276 wrote to memory of 1396	1276	rundll32.exe	27
PID 1276 wrote to memory of 1396	1276	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Evon\Evon.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Evon\Evon.dll,#1
  2⤵
  PID:1396