Overview

overview

3

Static

static

3

Evon/Evon....re.dll

windows7-x64

1

Evon/Evon....re.dll

windows10-2004-x64

3

Evon/FluxAPI.dll

windows7-x64

1

Evon/FluxAPI.dll

windows10-2004-x64

1

Evon/Fluxt...PI.dll

windows7-x64

1

Evon/Fluxt...PI.dll

windows10-2004-x64

1

Evon/KrnlAPI.dll

windows7-x64

1

Evon/KrnlAPI.dll

windows10-2004-x64

1

Evon/Oxygen API.dll

windows7-x64

1

Evon/Oxygen API.dll

windows10-2004-x64

1

Evon/bin/Monaco.html

windows7-x64

1

Evon/bin/Monaco.html

windows10-2004-x64

1

Evon/bin/v...ain.js

windows7-x64

1

Evon/bin/v...ain.js

windows10-2004-x64

1

Evon/bin/v...bat.js

windows7-x64

1

Evon/bin/v...bat.js

windows10-2004-x64

1

Evon/bin/v...fee.js

windows7-x64

1

Evon/bin/v...fee.js

windows10-2004-x64

1

Evon/bin/v...cpp.js

windows7-x64

1

Evon/bin/v...cpp.js

windows10-2004-x64

1

Evon/bin/v...arp.js

windows7-x64

1

Evon/bin/v...arp.js

windows10-2004-x64

1

Evon/bin/v...csp.js

windows7-x64

1

Evon/bin/v...csp.js

windows10-2004-x64

1

Evon/bin/v...css.js

windows7-x64

1

Evon/bin/v...css.js

windows10-2004-x64

1

Evon/bin/v...ile.js

windows7-x64

1

Evon/bin/v...ile.js

windows10-2004-x64

1

Evon/bin/v...arp.js

windows7-x64

1

Evon/bin/v...arp.js

windows10-2004-x64

1

Evon/bin/v.../go.js

windows7-x64

1

Evon/bin/v.../go.js

windows10-2004-x64

1

Resubmissions

21/07/2023, 23:25

230721-3eh27shb75 3

21/07/2023, 23:23

230721-3ddq4ahf5v 3

Analysis

  • max time kernel
    134s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2023, 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Evon/bin/Monaco.html

  • Size

    70KB

  • MD5

    8376a0234b6a77d02648ccfb76759bbe

  • SHA1

    617c9f9c623c139c1546e1c6e367fcd3c4cb293a

  • SHA256

    1715131f85de31e755fe0453c6c44fd10acfdd18577c60ad688e8bd309603d41

  • SHA512

    89376e23c44678c0d418bdf30f448ced9d69b8d6c4a509c33076e3e091c91f559016657e6bdfe01f5ef906c0e74bd1156d96abed5d33db4d011c3ed0174fd217

  • SSDEEP

    1536:AwmVPlSG/xJ4RyTbNfBf8XT/p/gmFwZKvWPvGVW2P2zVf3xgoaC:3mVPlSaJ4RyTbNfBf8XT/p/gmFwKWPvT

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Evon\bin\Monaco.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e81e11ce1d454eaaf05c7d6a786d0b3

    SHA1

    60ac274168e81e9bc170af33f03997570d9b7cb0

    SHA256

    ccb62a62370c7183debda15ac2e23e895a8a61bdc33b5a110bb820e0cee03d0e

    SHA512

    82b21f16e2bb71f9053c4590c01b95b807e45f8a539e36c3db04cba03d07f9049ba3066862c96b0f971685e2eb71d15636f50e0dfc5b17812891d659d4dfca88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de861c4068216754c0a57767946cc866

    SHA1

    ea00d2f68e2b09b0125a73d0eb0f2ef450b352b4

    SHA256

    4ad6e3650d41f41b613ee4797c8c02449e0c195dfcdfa2a8eddd6f51c57ab940

    SHA512

    d23c9cbc1d59671940c24fee7abdcc94606f7a563d8dfc64fdcecaabb95d4026cc01364d5495a5af1f380402f1e9e602385d0d107e8d69a4d192baed61f633d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8de24ddfa68a092de83bc3bef65d8fb6

    SHA1

    8b5e0057b36728cf9345e9ffd7c5361ae6f0119a

    SHA256

    6cc7acdcde69d8aefde8a9e3685e0d7df20452c3ea296cfa872cb8f494e5937f

    SHA512

    b34bcfa67a9a28cdf6d504eecf488413137b25fc9b8aa4d368e0166d108450291588ed0431716948d883264fa2ddbf09082c3331872619e08012b8828ccda3b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f0bc2fe2717c35e5e605b419c004845

    SHA1

    a355b29c487bd109078973b913c608aeb9df2882

    SHA256

    5a1894dbc30b7bcfe8b4768535395b667a1c8559a501aa268a5d91c295903c63

    SHA512

    f6bfc40cae3609b97894b148317eeb2756fdef521aa55bbedd82054f87057baf146171235526123489f7bcaca10e4d2a748f62827db9b296d5d4b53680170311

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8eda56e6f47e4a17dfb36f6424b8a3b2

    SHA1

    aaa7b1da92920306f0a2031fcb75d8c5ebbd1cc1

    SHA256

    28026198a7bc81ae3e65c6e097f8b5a0a54689df54239c3445db85de24389b50

    SHA512

    0f669cb148b32c9f9da1e381b300a4315b5457161d287fff53fecfbd1ac8d85c6e59f4f82efe49367c34f88436f84317bbde11a5410c40062a8c20a33af27723

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d72577e837812fee52885933d54d36a

    SHA1

    115fc0f4ef31fadccf46638d4dca20aa7e725403

    SHA256

    edf360cdc8bab460d92166207aa11c60bf7a1284c6ddf561d7c1373f413255b9

    SHA512

    51c188c9308fea32e1deb0876a44a3428f180d93c819e36f6395fae3794a6be1e2b31d9f27a7f6e3c9213bf72a4e595cdc028b63ba9930df6486690d201fb05f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5d66bea9985a46a3be5f85f9d5a85c64

    SHA1

    94207b2fd2977ec018f105cee2bb9e0bd376236b

    SHA256

    859bdd89419d024f3ccb35158729a9a7381644c60b5c8adcf9b10784f93b039e

    SHA512

    529c0f963acaa9409b364fd8870ff7e452982185301988ce941091ca9e7f3a60c87c0d6cd2b79a36d13c0a0591df2ed038dfc34ab437c141838b3cfd2eda7052

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3a3f26a2858baf4f8821c319b2d9122

    SHA1

    eb37d12d57b77411f558159301be63313b81296e

    SHA256

    cb63028ab08b55fd224be5638b63f4bf6bf569e351ed56d8c433d02f53f67fc7

    SHA512

    c0b96379991967ebb053918c2323579b3065e1504537c27d4ad1e928472920e8b16e06e47da9eda45fdfd809f6a1ab6dd7e3d09e6962f499cad7242906d9c7f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40688c43ae3b25b8dd6fc6c9bb14f3f5

    SHA1

    2c5d4237489f4dc68a79e230df347cfcf4485631

    SHA256

    6e748edfa79c4df4a7f6847600a0c91ea790f2b70ab3f1a51d9e604772d38708

    SHA512

    909cd6ba5d537debc42395839d82fe751266a43256ba9e700f87e3e33f192517c88e0e51f381dc754df4f749de15ac11940477910d535b579ffe192735d72212

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e740700196c43ed402f776d58a839ec

    SHA1

    99c5261c4b3af3f9969137c72c8102e8212f82b3

    SHA256

    05aa0969312cfcd99cc1426d49c818f9132f08552369316540bfc4c1eaa4b8ec

    SHA512

    85fb86353f4a02d570055a8876d388e9f46b89a0333d8a9831f2367a1dad1167acdb1ce5ac33497b12d907c4ce2e07104ee0c58788ec51e457e5fd03a32b88e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5N1CMJ9\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9667.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar97B3.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B2UF6OFC.txt
    Filesize

    608B

    MD5

    4332cf1cc7b5c263bcca8353c7e38167

    SHA1

    662b6f06b9639f0d19b5bb7eff24925eba99866c

    SHA256

    a1ca991ad58de71b86b1c10523292206cd937683716ed3b2a3e5c171ce307efe

    SHA512

    c0da8442545df2b52d9321e621f5a936cc437d796804bf0c39500e2867c330158682edb30bce13bacc20203134e4ef6447d317b31bcf51d9769d5791da3453da

    Download Submit