45d8ae6986b8da12e75e41dcbc020d897fce97dae6e7648d293fdd4005ce6b9b

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tongsha+base64.exe
Size

7.0MB
MD5

56c482193f8bb78f1e24de0b88c5348f
SHA1

6cb9fb5cb43d680a47cdbb45693b377bb3975c30
SHA256

45d8ae6986b8da12e75e41dcbc020d897fce97dae6e7648d293fdd4005ce6b9b
SHA512

90ceb3c3d250af2a7093b5576b9a306c09becdc2339c36f138a68dabc1fd5340bcbd3e70b1ddf6d0345b095326241f24b8734f55e55b05490d4848cde7364cf2
SSDEEP

196608:2aC/WfL2Vmd6+DXLZy7YM30LzajMpJWe:uWfL2Vmd6m70GzajMr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2736	tongsha+base64.exe
2736	tongsha+base64.exe
2736	tongsha+base64.exe
2736	tongsha+base64.exe
2736	tongsha+base64.exe
2736	tongsha+base64.exe
2736	tongsha+base64.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2736	2280	tongsha+base64.exe	29
PID 2280 wrote to memory of 2736	2280	tongsha+base64.exe	29
PID 2280 wrote to memory of 2736	2280	tongsha+base64.exe	29

C:\Users\Admin\AppData\Local\Temp\tongsha+base64.exe
"C:\Users\Admin\AppData\Local\Temp\tongsha+base64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\tongsha+base64.exe
  "C:\Users\Admin\AppData\Local\Temp\tongsha+base64.exe"
  2⤵
  - Loads dropped DLL
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
63f88fa59f6ced6ec5bc50b5407b1fc2

SHA1
9806cd443812e7939c4d95e3c583c2785ea165b1

SHA256
a179666b529fc407fd16be148f5f221fd7774773e80a94d747091aca7d390da4

SHA512
bef016e0cccb71ab6efd357bbcc3e4f03fe8cb1392e022689aee2048afa3f20192dd2b1496d763cdea81264c644bd30cd40c7976d95ebf27882ed434b74e03e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
5b99824d6509fe5b4f0dc09c3706e4b9

SHA1
d5b08505f9359be50f45449b7d46da42b00da7c7

SHA256
2771bf5156cdaf5dddc234254dc200064c2643ea2368807a965f5574153b4c08

SHA512
f5c604d95b056b71d801ac9b84d7127718cd9cfab8fffb7524c9c8a919e8a24e3b55d618931302c4be83560bc95871db6ecb9ec79fa254e235bee55d32036e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
5d32a3644d850032038b55546b6d6665

SHA1
faeeb777ce0af9716e0e534ba3846051e52e3ab6

SHA256
bc3972ea34c0df384e6b1196cdf88c805f7363949e7c92d5cf457fa5114d4512

SHA512
a14b10468159b67ff7af52f7c8248995d528341000718069734017a079278d0248d76b369dad8b1c20f0b4480ae55d9e5b48ded02a12a83a943def9a4cc3436d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
d4148c6bc8c9881eedfb64c87375f629

SHA1
485d36a00bdeb09dfc3cb87ed239b0f750d68f16

SHA256
6a8ac79a755982c408b86ac6876d0f861c96ad7b3ce203b8951d7d278b113f20

SHA512
67e75d666f9ec431049e01a883a9e96472b5489929d9a81fff7d1c8518b3980eb9a85c5f510c9daa2bd38e937cad307afbfa11d904b1c554444fd5b174d52a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
75ab723020ac262b6b5669b9be0239c4

SHA1
fa6672eb6ca5f2ba3cd1764a98e1c8875d307866

SHA256
af9bb3ff8b02b16a5ad1897db329bb934d07dc081984044373f2d1ac03532907

SHA512
83b7ccb5c5f550178e72741fa4cdfea55b4c55fd0fca3947618089871872b824cf0e59da12ab342559e3a34d86d98d855064b651a3168c1cfc583d5d4a47308f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI22802\ucrtbase.dll

Filesize
969KB

MD5
60606071bf033275377fd66a2a7de09c

SHA1
2475cdfd25427be07b3662e99c185cc49df35c6e

SHA256
4eace6c996a2ed322bd43810db9fb64e20114682f4b71fcd4031215f803f5f47

SHA512
bf9fbe3d162388be71d866a818f0f583ffb479fa151e62125ff200d40902e6ab1e61822e85ca01c319a1304fd899390ecc7d9ba3b3b061eac84cd23d644b699e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
63f88fa59f6ced6ec5bc50b5407b1fc2

SHA1
9806cd443812e7939c4d95e3c583c2785ea165b1

SHA256
a179666b529fc407fd16be148f5f221fd7774773e80a94d747091aca7d390da4

SHA512
bef016e0cccb71ab6efd357bbcc3e4f03fe8cb1392e022689aee2048afa3f20192dd2b1496d763cdea81264c644bd30cd40c7976d95ebf27882ed434b74e03e9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
5b99824d6509fe5b4f0dc09c3706e4b9

SHA1
d5b08505f9359be50f45449b7d46da42b00da7c7

SHA256
2771bf5156cdaf5dddc234254dc200064c2643ea2368807a965f5574153b4c08

SHA512
f5c604d95b056b71d801ac9b84d7127718cd9cfab8fffb7524c9c8a919e8a24e3b55d618931302c4be83560bc95871db6ecb9ec79fa254e235bee55d32036e67

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
5d32a3644d850032038b55546b6d6665

SHA1
faeeb777ce0af9716e0e534ba3846051e52e3ab6

SHA256
bc3972ea34c0df384e6b1196cdf88c805f7363949e7c92d5cf457fa5114d4512

SHA512
a14b10468159b67ff7af52f7c8248995d528341000718069734017a079278d0248d76b369dad8b1c20f0b4480ae55d9e5b48ded02a12a83a943def9a4cc3436d

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
d4148c6bc8c9881eedfb64c87375f629

SHA1
485d36a00bdeb09dfc3cb87ed239b0f750d68f16

SHA256
6a8ac79a755982c408b86ac6876d0f861c96ad7b3ce203b8951d7d278b113f20

SHA512
67e75d666f9ec431049e01a883a9e96472b5489929d9a81fff7d1c8518b3980eb9a85c5f510c9daa2bd38e937cad307afbfa11d904b1c554444fd5b174d52a7b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
75ab723020ac262b6b5669b9be0239c4

SHA1
fa6672eb6ca5f2ba3cd1764a98e1c8875d307866

SHA256
af9bb3ff8b02b16a5ad1897db329bb934d07dc081984044373f2d1ac03532907

SHA512
83b7ccb5c5f550178e72741fa4cdfea55b4c55fd0fca3947618089871872b824cf0e59da12ab342559e3a34d86d98d855064b651a3168c1cfc583d5d4a47308f

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI22802\ucrtbase.dll

Filesize
969KB

MD5
60606071bf033275377fd66a2a7de09c

SHA1
2475cdfd25427be07b3662e99c185cc49df35c6e

SHA256
4eace6c996a2ed322bd43810db9fb64e20114682f4b71fcd4031215f803f5f47

SHA512
bf9fbe3d162388be71d866a818f0f583ffb479fa151e62125ff200d40902e6ab1e61822e85ca01c319a1304fd899390ecc7d9ba3b3b061eac84cd23d644b699e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads