Analysis Overview
SHA256
e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc
Threat Level: Known bad
The file Evolion Launcher.exe was found to be: Known bad.
Malicious Activity Summary
Gurcu family
Gurcu, WhiteSnake
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-07-06 16:47
Signatures
Gurcu family
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-06 16:47
Reported
2023-07-06 16:50
Platform
win7-20230703-en
Max time kernel
28s
Max time network
32s
Command Line
Signatures
Gurcu, WhiteSnake
Processes
C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-07-06 16:47
Reported
2023-07-06 16:50
Platform
win10v2004-20230703-en
Max time kernel
143s
Max time network
147s
Command Line
Signatures
Gurcu, WhiteSnake
Processes
C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.21.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
Files