c3bea77935fa1563dd6b3879e53736cf5a840550cd61a6b3c46c7bd6992fa191

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10-06-2023 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tong.exe
Size

16.5MB
MD5

0338c8ca499fa6d5f9fd5b60e706f2fc
SHA1

4af3b4c922675a4e34a0d73916a0d1a8ef8f7a1e
SHA256

c3bea77935fa1563dd6b3879e53736cf5a840550cd61a6b3c46c7bd6992fa191
SHA512

932e622a83d10fff3cd0c09bcca40224cd3fe236b2787a3d15a4cc01e8cf3201ff9d478df360a6dbaffa60f656ebfceca8c021564bc846260ef064023d960224
SSDEEP

393216:vu7L/sQPdvBT1obI/hvaCncvnKhs4Gpa66g77ZSqJIAky/Nij:vCL0QPJx1h/hiCn1hs4JDg77ZS4iyA

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
880	tong.exe
880	tong.exe
880	tong.exe
880	tong.exe
880	tong.exe
880	tong.exe
880	tong.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 328 wrote to memory of 880	328	tong.exe	29
PID 328 wrote to memory of 880	328	tong.exe	29
PID 328 wrote to memory of 880	328	tong.exe	29

C:\Users\Admin\AppData\Local\Temp\tong.exe
"C:\Users\Admin\AppData\Local\Temp\tong.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:328
- C:\Users\Admin\AppData\Local\Temp\tong.exe
  "C:\Users\Admin\AppData\Local\Temp\tong.exe"
  2⤵
  - Loads dropped DLL
  PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
af8d7a54222e2043799967f439bea8fd

SHA1
bfdccb66c717298f373b3b89179d9078f4a2efc8

SHA256
eb61bc390236a07bebfe29626d764c639fe35dfc4d57ad9db26575e1cd01e8d9

SHA512
4e57b3fa5395599449567750fd3704dc8ff1bf925a61c3ba0a952d65753c08afe6095f630c1713c1d38f21f04bef91ec737977ce2ffe4f77779c051730e462ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
bafa9dfe418105adc41f9d7a71e3f296

SHA1
30183f238a74406e86e430b7c28055c26d6d6747

SHA256
369aade50ca3634b9af66ee24e572d09d4bb15b71a711ae86f9ec132aa29ee3c

SHA512
b2214f7d0afb4926840787f25388e8af340a896f54c36fd86df7951f2d8399fb31a0d9778fffe72df5aff60fcaf8a998dc7f6829854ab82386218964198ddecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
d30d70195485199792f4c9bf0ff4bec7

SHA1
7ee981a4512f5e8897a1afc8490c514ca35454b5

SHA256
c9d10a2a3ba5f2020cc0c2ae8501d9806cd33f9310073ae5c27d26588c7080e3

SHA512
0bdf2456e32b69d331b94202b5fd6ec6d0a9b4dc84df73b4cc849bc7e96d5d3f673b83d3e46976ebec38002f83f45ed37ebedadb4c88aca33cef0657c7083e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
42ac40c9a164c4e55c6dda78b6f70406

SHA1
fe2f116bcb49cf5be3abe019d8bb9cef6727fc28

SHA256
be3c7e7f0c26534714bbb7da932734bdea5eddebfee3b91066ae88994db7f9d3

SHA512
7466b9d62f30ccf296ffb4f77eae312add2480e5608d41db5fb7532cd8fee215c23b458d87e65db6aa58c3b52380283ebd5c223330363a91db9fd8d3b0ca9443

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
f0d99530c8b9f113cad037acd65d588d

SHA1
4a411f1498f2b7610956b0502ffcb33ae5b3f52a

SHA256
615745d0e4e18d12530a982b1c0e20d11fd5a07be4e032cbdd8345ad35faa74f

SHA512
88c7992a021823de9cbd190ceea87d776f96a5aac4f432ec9ddbe0214746a4fc2f8f726700cdacf50af7ef2712d9e4c3ab764793bb9562f5f2cf6280ce50287f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\python310.dll

Filesize
4.2MB

MD5
c6c37b848273e2509a7b25abe8bf2410

SHA1
b27cfbd31336da1e9b1f90e8f649a27154411d03

SHA256
b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8

SHA512
222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3282\ucrtbase.dll

Filesize
985KB

MD5
82275470b983a69b3aeaa02cd1d86d08

SHA1
3daf3cfd0d2612d158dff8fcca2918ab35723b7c

SHA256
ffbc3700230091d0984048a44d6958a426bc1677b2674138a17d9592901a2e10

SHA512
d6509b486df4cae71575cfc12e6a7abc0983b98e274c6d4e08228675d4f5a5416f7a4bb7d959f787d87cb9e17832c79aa12bf1cc05fd7836be561ae8c477dc35

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
af8d7a54222e2043799967f439bea8fd

SHA1
bfdccb66c717298f373b3b89179d9078f4a2efc8

SHA256
eb61bc390236a07bebfe29626d764c639fe35dfc4d57ad9db26575e1cd01e8d9

SHA512
4e57b3fa5395599449567750fd3704dc8ff1bf925a61c3ba0a952d65753c08afe6095f630c1713c1d38f21f04bef91ec737977ce2ffe4f77779c051730e462ab

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
bafa9dfe418105adc41f9d7a71e3f296

SHA1
30183f238a74406e86e430b7c28055c26d6d6747

SHA256
369aade50ca3634b9af66ee24e572d09d4bb15b71a711ae86f9ec132aa29ee3c

SHA512
b2214f7d0afb4926840787f25388e8af340a896f54c36fd86df7951f2d8399fb31a0d9778fffe72df5aff60fcaf8a998dc7f6829854ab82386218964198ddecc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
d30d70195485199792f4c9bf0ff4bec7

SHA1
7ee981a4512f5e8897a1afc8490c514ca35454b5

SHA256
c9d10a2a3ba5f2020cc0c2ae8501d9806cd33f9310073ae5c27d26588c7080e3

SHA512
0bdf2456e32b69d331b94202b5fd6ec6d0a9b4dc84df73b4cc849bc7e96d5d3f673b83d3e46976ebec38002f83f45ed37ebedadb4c88aca33cef0657c7083e75

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
42ac40c9a164c4e55c6dda78b6f70406

SHA1
fe2f116bcb49cf5be3abe019d8bb9cef6727fc28

SHA256
be3c7e7f0c26534714bbb7da932734bdea5eddebfee3b91066ae88994db7f9d3

SHA512
7466b9d62f30ccf296ffb4f77eae312add2480e5608d41db5fb7532cd8fee215c23b458d87e65db6aa58c3b52380283ebd5c223330363a91db9fd8d3b0ca9443

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
f0d99530c8b9f113cad037acd65d588d

SHA1
4a411f1498f2b7610956b0502ffcb33ae5b3f52a

SHA256
615745d0e4e18d12530a982b1c0e20d11fd5a07be4e032cbdd8345ad35faa74f

SHA512
88c7992a021823de9cbd190ceea87d776f96a5aac4f432ec9ddbe0214746a4fc2f8f726700cdacf50af7ef2712d9e4c3ab764793bb9562f5f2cf6280ce50287f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\python310.dll

Filesize
4.2MB

MD5
c6c37b848273e2509a7b25abe8bf2410

SHA1
b27cfbd31336da1e9b1f90e8f649a27154411d03

SHA256
b7a7f3707beab109b66de3e340e3022dd83c3a18f444feb9e982c29cf23c29b8

SHA512
222ad791304963a4b8c1c6055e02c0c4c47fce2bb404bd4f89c022ff9706e29ca6fa36c72350fbf296c8a0e3e48e3756f969c003dd1eb056cd026efe0b7eba40

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI3282\ucrtbase.dll

Filesize
985KB

MD5
82275470b983a69b3aeaa02cd1d86d08

SHA1
3daf3cfd0d2612d158dff8fcca2918ab35723b7c

SHA256
ffbc3700230091d0984048a44d6958a426bc1677b2674138a17d9592901a2e10

SHA512
d6509b486df4cae71575cfc12e6a7abc0983b98e274c6d4e08228675d4f5a5416f7a4bb7d959f787d87cb9e17832c79aa12bf1cc05fd7836be561ae8c477dc35

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads