Overview

overview

6

Static

static

3

Evon.zip

windows10-1703-x64

1

Evon/Evon....re.dll

windows10-1703-x64

3

Evon/FluxAPI.dll

windows10-1703-x64

1

Evon/Fluxt...PI.dll

windows10-1703-x64

1

Evon/KrnlAPI.dll

windows10-1703-x64

1

Evon/Oxygen API.dll

windows10-1703-x64

1

Evon/bin/Monaco.html

windows10-1703-x64

6

Evon/bin/v...ain.js

windows10-1703-x64

1

Evon/bin/v...bat.js

windows10-1703-x64

1

Evon/bin/v...fee.js

windows10-1703-x64

1

Evon/bin/v...cpp.js

windows10-1703-x64

1

Evon/bin/v...arp.js

windows10-1703-x64

1

Evon/bin/v...csp.js

windows10-1703-x64

1

Evon/bin/v...css.js

windows10-1703-x64

1

Evon/bin/v...ile.js

windows10-1703-x64

1

Evon/bin/v...arp.js

windows10-1703-x64

1

Evon/bin/v.../go.js

windows10-1703-x64

1

Evon/bin/v...ars.js

windows10-1703-x64

1

Evon/bin/v...tml.js

windows10-1703-x64

1

Evon/bin/v...ini.js

windows10-1703-x64

1

Evon/bin/v...ava.js

windows10-1703-x64

1

Evon/bin/v...ess.js

windows10-1703-x64

1

Evon/bin/v...lua.js

windows10-1703-x64

1

Evon/bin/v...own.js

windows10-1703-x64

1

Evon/bin/v...dax.js

windows10-1703-x64

1

Evon/bin/v...sql.js

windows10-1703-x64

1

Evon/bin/v...e-c.js

windows10-1703-x64

1

Evon/bin/v...6x.svg

windows10-1703-x64

1

Evon/bin/v...6x.svg

windows10-1703-x64

1

Evon/bin/v...in.css

windows10-1703-x64

3

Evon/bin/v...te.svg

windows10-1703-x64

1

Evon/version.data

windows10-1703-x64

3

Resubmissions

26-05-2023 11:29

230526-nls4esfb93 3

26-05-2023 11:27

230526-nkymhsff8z 6

Analysis

  • max time kernel
    388s
  • max time network
    443s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-es
  • resource tags

    arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    26-05-2023 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Evon/bin/vs/editor/editor.main.css

  • Size

    171KB

  • MD5

    233217455a3ef3604bf4942024b94f98

  • SHA1

    95cd3ce46f4ca65708ec25d59dddbfa3fc44e143

  • SHA256

    2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701

  • SHA512

    6f4cb7b88673666b7dc1beab3ec2aec4d7d353e6da9f6f14ed2fee8848c7da34ee5060d9eb34ecbb5db71b5b98e3f8582c09ef3efe4f2d9d3135dea87d497455

  • SSDEEP

    1536:ZxP4PUPVP0PAPeMi76Q4TVq5bbhLynlDTkDatDF8Jmmvgs0aMJkn:p2bIRkDSYmmvgs0aMJK

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Evon\bin\vs\editor\editor.main.css
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4400
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Evon\bin\vs\editor\editor.main.css
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:640

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads