Overview

overview

6

Static

static

3

Evon.zip

windows7-x64

1

Evon.zip

windows10-2004-x64

1

Evon.exe

windows7-x64

1

Evon.exe

windows10-2004-x64

1

Launcher.bat

windows7-x64

1

Launcher.bat

windows10-2004-x64

6

README.txt

windows7-x64

1

README.txt

windows10-2004-x64

1

config

windows7-x64

1

config

windows10-2004-x64

1

lua51.dll

windows7-x64

3

lua51.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    1608s
  • max time network
    1551s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/04/2024, 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    README.txt

  • Size

    410B

  • MD5

    5470c1484d7547c70fcddacb19bcb823

  • SHA1

    4156ae61439baa7149fe88c69794cba6edea862d

  • SHA256

    fa7263d3a001a80914e3b9790de7b9dbb216d39436d222304a97aded0f5d5842

  • SHA512

    0c4a19627523545ff096576b02531b791e7505fbed522bcb6fe3beb1a1167a94b7feee7ba9bea141039ec762e308a43eeff8e0f8c4145397f2ebd016c6309652

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\README.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:1048
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:4536
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4832

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4832-0-0x00000138B8E40000-0x00000138B8E50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4832-16-0x00000138B8F40000-0x00000138B8F50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4832-32-0x00000138C12A0000-0x00000138C12A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4832-34-0x00000138C12D0000-0x00000138C12D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4832-35-0x00000138C12D0000-0x00000138C12D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4832-36-0x00000138C13E0000-0x00000138C13E1000-memory.dmp

      Filesize

      4KB

      Download