cb14a1932f495d71c3551af9fbe266b9c5d48d4417820d79c1067bd4047231df

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/05/2023, 01:37

Target

Evon.exe
Size

6.2MB
MD5

5787c43be789b75db6751c8df22160e3
SHA1

a2b7746f95d7ab8529892aa3f6b9a687ad9f043f
SHA256

cb14a1932f495d71c3551af9fbe266b9c5d48d4417820d79c1067bd4047231df
SHA512

8e0ef8648a4df0c5576caf24ba8aae65eec6c77b00327107d7891e4bf285b2fdf89774cb1569b501745a14dcba19f558fe0cb4867363a828ed65401a806d1758
SSDEEP

98304:rDFmsG+4eOpS9qWNgNgCp6aGBwHCcmmxVA5/xDnLx0yu+5Tp6z:NDGw9fm2CnPhATd0yHq

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
768	1760	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	796	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	796	AUDIODG.EXE
Token: 33	796	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	796	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 768	1760	Evon.exe	28
PID 1760 wrote to memory of 768	1760	Evon.exe	28
PID 1760 wrote to memory of 768	1760	Evon.exe	28
PID 1760 wrote to memory of 768	1760	Evon.exe	28

C:\Users\Admin\AppData\Local\Temp\Evon.exe
"C:\Users\Admin\AppData\Local\Temp\Evon.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 992
  2⤵
  - Program crash
  PID:768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:796

memory/1760-54-0x00000000012D0000-0x000000000190E000-memory.dmp

Filesize
6.2MB

Download
memory/1760-55-0x0000000007820000-0x0000000008086000-memory.dmp

Filesize
8.4MB

Download
memory/1760-56-0x00000000003D0000-0x00000000003DE000-memory.dmp

Filesize
56KB

Download
memory/1760-57-0x0000000001220000-0x00000000012D0000-memory.dmp

Filesize
704KB

Download
memory/1760-58-0x0000000000E10000-0x0000000000E50000-memory.dmp

Filesize
256KB

Download
memory/1760-59-0x0000000008090000-0x00000000081CE000-memory.dmp

Filesize
1.2MB

Download
memory/1760-60-0x00000000004B0000-0x00000000004BA000-memory.dmp

Filesize
40KB

Download
memory/1760-61-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1760-63-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/1760-64-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/1760-65-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download