3a941b54e50c18ef8836ca78f7def32e1b8ee19a174582e155d139604967d7d6

Analysis

max time kernel
190s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ngrok.exe
Size

28.2MB
MD5

fe94c576b99dcc99b1c82fce00af97ab
SHA1

aea717754ba2ba8fb3981bb87837b150ab659023
SHA256

3e20143e3e6346e09009109c997e91ce135eafc20496a02b2d5bad4a0b2a823c
SHA512

9bfbc9063924c61a5fe5338ea7c332d764575d62e80ac20356a9d10901b40266dd536d19274302ddf1cdc8b92fdb9c0bda4d807ef012d55db7f5e28453b16b34
SSDEEP

98304:FNE2/fNpo5pemooOoC3iQ5Ao2oPOt6rv8TT5bNGcP/NT41ue+ROhNZkJKfyq1t4C:DE2/CemooOoyz5XPOv5svw1B6

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

ngrok.exengrok.exe

pid process

1572 ngrok.exe
1572 ngrok.exe
1572 ngrok.exe
1572 ngrok.exe
3876 ngrok.exe
3876 ngrok.exe
3876 ngrok.exe
3876 ngrok.exe

pid	process
1572	ngrok.exe
1572	ngrok.exe
1572	ngrok.exe
1572	ngrok.exe
3876	ngrok.exe
3876	ngrok.exe
3876	ngrok.exe
3876	ngrok.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ngrok.exe

description	pid	process	target process
PID 1572 wrote to memory of 3876	1572	ngrok.exe	ngrok.exe
PID 1572 wrote to memory of 3876	1572	ngrok.exe	ngrok.exe
PID 1572 wrote to memory of 436	1572	ngrok.exe	cmd.exe
PID 1572 wrote to memory of 436	1572	ngrok.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\ngrok.exe
"C:\Users\Admin\AppData\Local\Temp\ngrok.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1572

C:\Users\Admin\AppData\Local\Temp\ngrok.exe
C:\Users\Admin\AppData\Local\Temp\ngrok.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3876

C:\Windows\system32\cmd.exe
cmd.exe /K
2⤵
PID:436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\ComparePop.jpg
Filesize
402KB

MD5
4b25ab5784c8a8f4595ace4bfd01c591

SHA1
d26c520b491c7814bc9977f0ccc9e6868c896398

SHA256
7403eafde2e5157fda778a2b3b91b9ee9c2e497d439a7ba3e395fc3f4a2a2a95

SHA512
bef5c193b00325a7c8355ee3ebb472b67834ff8fc8d7ca9a3ec4d5c38deaa8577a4e73c97c873f9fa11cc5a8cbaa3f992b21faac761862b22c42a26d75b54d17

Download Submit
C:\Users\Admin\Desktop\CompleteUninstall.mht
Filesize
530KB

MD5
0ed80d9cc1981f04eb6bc215089e20fb

SHA1
afe52f76405fce1f69730aafd33ca6c59f1685f0

SHA256
59b1c4faa5cd0aec0a691849129512a65d2fdad9109632a3a2ed3df7f28869e7

SHA512
973c17af79fbaaf15d0b4a3121255397ef82d2500eb6cf2021043ccd31dd8d12e7964811b23cbf514727e96fc96ee34c43755aad4a8ec10f0f808c906cf6769e

Download Submit
C:\Users\Admin\Desktop\CompressRevoke.aif
Filesize
784KB

MD5
0a6a0c5033c05051bc9553375605308a

SHA1
27fc9de6a2be179a6a87b63df4a15d1f4e1825b7

SHA256
5a6d850bb1d64fad892df5257adeb7fb5c9578dbb067d8fb8f6c414add87b084

SHA512
60b43ea020e7e4f7102566207f1c332ce49c00a3312a96ad06c5d097f14a3c83db7c53e39e1a91e012bf83adb40798e73f939130c023106d25f32964a6ce8fde

Download Submit
C:\Users\Admin\Desktop\ConnectClose.ttf
Filesize
678KB

MD5
d2fab8151483f6724167a51c5b493aa7

SHA1
af9ab66921ebbfb8b42eb0e6446a71133e91b527

SHA256
0203789884ab1597468e81ddcb3a2918fb3b675eaf1895d67ebe87ee352a94ba

SHA512
791211d830374ede786cb614d807ffcc5862103e6174d0521d52b19ce0a25919f804c4d0e0f5b67e888cbc89219627784217e4df6cb9ab1daf9743424cec02ed

Download Submit
C:\Users\Admin\Desktop\ConvertCompare.m4a
Filesize
721KB

MD5
639ee8429b709cbe1c79d9095fa5df4a

SHA1
785f66006f4731a5565eaa6e8ec82df3d2475914

SHA256
5a963ff8eb59ad45da788efe6b67a582eefde78f3e26c5ec4041e3eee590bee5

SHA512
6f34cec4c974c8c436baf3ad313623c5ac1bfa7c1fc155a0dd07b95b9e08351f0f70911a2e195f0437a0b32b1d63a4f034a8142171485ac1828c0e91f3cbd39f

Download Submit
C:\Users\Admin\Desktop\EnableWrite.wax
Filesize
593KB

MD5
c861162bd25a291248210dbfedb5c860

SHA1
7c8ee0998e7ed508b326f704f26fefd48a803a2f

SHA256
062895876be5415a597d5d69333286e2d7258df74b49760286ed5abebdfefabd

SHA512
bf10ebc6ae1fe43d8606f52bb40093d995ab63e4dd7ada0d2f1c2673b58c5fdc7082bc44bf6baf8b0c51d8b77eb79082dd9467a1a869ca14443e954404f1655b

Download Submit
C:\Users\Admin\Desktop\FormatTrace.mov
Filesize
466KB

MD5
9a6a7f8133f6cf91200be31fd2f115ac

SHA1
74b36648630f7862543e5bb63b19efb85443e887

SHA256
f8d988de6ffbda50abf07fcc57637560b13baf522bed70f972408ffc118155ff

SHA512
9557b986e3985f43b63044567bacf8438fe647c15473028abc0f2040f19935fe3559a6c907e37d801f05ba3faddebc7712e27f140167f6952c73840ffcd587c3

Download Submit
C:\Users\Admin\Desktop\ImportSearch.cab
Filesize
551KB

MD5
853f91bcd1fe85009df29af6308a8ffe

SHA1
1a14b3de5eeff238cfa40ce48d8569de1e9dea10

SHA256
67857e0d6a9aa3fe4fc2b1bca1c53450471b1ebc7ce61d3d4dd1c9543b1e7cf6

SHA512
148ebfab33f0eaa54e00b4a8c1394c35c8fcbecb9f96e034e9fbcf563770d793093553d3eb6e8c9b8e92667b03531a18ec33024a42b246b3c8b17e6e3dc2dd87

Download Submit
C:\Users\Admin\Desktop\InvokeRemove.vstm
Filesize
296KB

MD5
93c613244069053801ae130c47527408

SHA1
7a7803af988fbf6b8e5f1eb83608a8404cae9e7b

SHA256
d9e010a69096760e38581558d391c7b67e08bbbf6873c8561ff6f0dc519c4649

SHA512
ae511db4964ecdbf7a9ee1c9757e6bb49dbbc126cb38c05950e238a6e2c6e843f63feae7c6aaf257993e105bbaf3b3c015fdab068ae196b39c40cbeca36a2682

Download Submit
C:\Users\Admin\Desktop\JoinSync.xla
Filesize
275KB

MD5
8c64c2537f4d436bb0e007abd5fb2548

SHA1
4071fe2c614edeae8d685a6644a719449147272b

SHA256
0caeba1fe2580b6fcf89c4b288a1d60b7ee53c623b6f2631e63b7e784213f16b

SHA512
76f07a21057340f2e4fc7ace6e54ee239b863f761b2b5da6b1b0973893b217b375b1c903dc03c103cf2a3d840fa9ab801e37416448de18e28c01c3130ee910f5

Download Submit
C:\Users\Admin\Desktop\MeasureBlock.bmp
Filesize
318KB

MD5
e1200f657040dc75038b317edfee9ad4

SHA1
2837937834a91f251203c06f6276daf6a34bf088

SHA256
485070b26f7ef1191effcef4732108828e52b5a607e609a0427618c37f136581

SHA512
69640fe05b5bf2ed67b66cd5ca7c782cd6b93caebc7f1d9d8505028d2350c5247356a12f862d7438068eb95a6c688e8f6f4767c5f51f02ab74bf917e66222c6b

Download Submit
C:\Users\Admin\Desktop\MountRestart.doc
Filesize
445KB

MD5
afe5ae95a4a04117b6b882b008ce6801

SHA1
50596486fdbee5f558cdd3af7501af18991b6b7b

SHA256
1c0e2821a8647deadc48aa7907ce8eace4ba3bef70c274f73c97e1acb5bf0cb3

SHA512
667cf5cc98ab2c6bd0038702123318346b33e8eb0b45ca0e3742d1181dde4202a4ab576d3cf1418d9448e2f0fa2e187cfbdd68fbfcaa009e6c28f75c955cbe52

Download Submit
C:\Users\Admin\Desktop\NewRestart.avi
Filesize
381KB

MD5
01c6a457a8934dde20b9d9dd60acb18a

SHA1
da97c2d5ad136e9ce7271ad3a05d977b196d331d

SHA256
dd99963a8ac4d746898286fec9566e1a28223bf8fa20c1b60302c4385109dec0

SHA512
f920408d647679dee308dd0b05e16721ae5a5fc9d1938f8024ba464b3b5efdbba754a1b7b595a78cfceb8f830f84bc8dd1cbb936b42e96bc8f108bfbe0b97b67

Download Submit
C:\Users\Admin\Desktop\OpenResolve.jfif
Filesize
508KB

MD5
7af32cc330056d103a5cd65cd519ef4a

SHA1
2fa37ca0b4b221ea3f4637ab0e5269b8b4418c14

SHA256
cca07386a22c54f6b0d2e526886f55fa4d806ae3dfcbf75fa327a03652ed95d8

SHA512
af4600ff5f039dd329c3d8cd61e0905c59fb642423343080344d877f0045bdbdecf89708656e6849984735eb6356342834a146bac8a98983334d2e3f033e5e94

Download Submit
C:\Users\Admin\Desktop\OptimizeOut.html
Filesize
572KB

MD5
f6e8e94614b62b9476fcaa237e3bde5c

SHA1
9ef7949fd50824310a8d8790387078f38ac3e146

SHA256
ea45eca53ae3404a3d43e91e5cc7490f7376e835011c1c2a6bce454f504b029a

SHA512
ae047353ae1c871b30382b27ff4dfdfaafe4968ebca0269cdbd5562f31da7d7c3acd55a89a8d59d7bb7b75b55e09807bd1ec144c0901651700db3a8b9d945e8b

Download Submit
C:\Users\Admin\Desktop\OutShow.vb
Filesize
1.1MB

MD5
b1c8575acf33f4e1ac11733a674e1144

SHA1
647b6c8e08861a98313985d2514c714aeb604330

SHA256
c9bda801d974cf7d1a2c881a8118c8c92d7ba094fe0e6f79a2c3660024dc9b6f

SHA512
de84a179191de2659283ca0e243283e143a65a4e3122f7c65e9368961bed455e36d46bb169a8377b93e5f8386e28bc8719f9c63a6239498f8db36d09e1a9eddf

Download Submit
C:\Users\Admin\Desktop\ReceiveApprove.dxf
Filesize
763KB

MD5
4ef5372fadff9278f402ac7b7e4fc448

SHA1
fb172920d2293359a75df3d7dac4cdca688b85f2

SHA256
1f285b9b5a3e78881031b3315870580a78af439d830a4960f0eb908d1f57a54e

SHA512
119eca0e9b295d5341ebe31c62ba909f51afda3be7e34f0a17f08c22aad450c10f1a26f263e6e9f755633739cef1c25729cc110207506d40bed4409c4a05941c

Download Submit
C:\Users\Admin\Desktop\ResizeSet.ram
Filesize
742KB

MD5
222cf5e9a56ee2cf42db09db91e8466c

SHA1
97c698216d56743d154118ecc89d2e51ab12324c

SHA256
fd34f5695194198537c53261b4acb630cded793b863ae0dff71e3110e85c3260

SHA512
1df6540ccd8e8552a45c78827e93c33e119874b78a02b58b4567c8ee35b2b7e606d8b7393f6e096d31c21a87227757a4aedf153f53a94900ea84a63b54329688

Download Submit
C:\Users\Admin\Desktop\RevokeConvertFrom.mp3
Filesize
699KB

MD5
9c34600e19a52cd680f97ff3a19478d7

SHA1
66911e153292c5c865beddd1130909f5869d470e

SHA256
90c042b8133d7fbd560388da3bc454289390726f4c83502cb2c7c5c0e53fe64e

SHA512
f80f46cb4b636013fdc8364c31c4f4c2e9cd42666b806e9a6a2947c5ddb453ab8f5b804c9519e0144e8c0e11b75577968144433c5bf21d5c7031cf3dfc96be4e

Download Submit
C:\Users\Admin\Desktop\SendSet.dwg
Filesize
339KB

MD5
e18bc6a1ff4caa6c2424e4406efe9d1b

SHA1
68753c519e2d13cf7327884c5bca48600839eaee

SHA256
45a4a008337691aafb5449bd1e0af484f63c6d496b0e334b859f058c31c46a15

SHA512
4f027ea37e0f157d90ed7e740ab0b0d300adcc1ad19bb65457c4a1df6641671bfadfa9213e60b20297e85fc97e0f89700279b4cd26b5bddbd84929547811bbd7

Download Submit
C:\Users\Admin\Desktop\TraceRestart.ps1
Filesize
360KB

MD5
454fb75734fd35d7a50ae2061f7c3384

SHA1
f28cab873b99cdf6eafa6e87a3a587801111b07a

SHA256
8a0b73ebfdb500ea343ae05d02360526d39bd24d0db69914a9eb5442d3a95777

SHA512
0745e2a590d453b0a4e834b0829ccb87590e854d058e41df2f9deb86d8fbbcb2120df1e6e25cc9e2daa49328f6d59969038b1d9760100eabebdbffd3d18add62

Download Submit
C:\Users\Admin\Desktop\UnblockConvert.mpe
Filesize
636KB

MD5
ae11896ac8b9da7b21fbde9c3a471222

SHA1
1b29cd7c963bea5245d075c0a230d5a90b7094e8

SHA256
c0022ceef158deb7e7d43d33068bcfc4324c4e5832d4bb57f2da155d9d9e5d2f

SHA512
ddc723fef8a7b97dabd211e9f646af3d2d19e4342cfd71481399a873a1ec15c89957a1af73053d885b0bd73042731d15cb1031c311fac83189859b297588b7b0

Download Submit
C:\Users\Admin\Desktop\UninstallExport.kix
Filesize
615KB

MD5
6dc53930ba7cd870afe365f11cd74b5c

SHA1
d0d8270c41e501d76426c907222ac1eed3e78a24

SHA256
e6f933eec0b285e92a148bb5df711629dfa559599da0d20b74b1c006d2ef0db3

SHA512
cbc168b779c9277dfa37755c9ec9ba7ca15f192a955969bc0a449211820616052338335ca6f10c47b20673b7719014d1ba7b40be6a54999116d27fdfde52823a

Download Submit
C:\Users\Admin\Desktop\UnregisterBackup.contact
Filesize
487KB

MD5
c92a8aae511dee6c1238e1a7cb2386a4

SHA1
d53b100e4d9356a2389601a2f7530e7c332dd0a1

SHA256
b07f3e3d323bbfbc804b1bd768159026a9cd7016e954d98290f1b18169ad2e73

SHA512
e8dc96c7c1b2bc7d2d365c6cc235c0995a42b60e5a6bf209264312afd672b6ba53d7a749f7ed83e0b017c549e7934be438ca98f1fd0dc64a664fe4fe9cda9346

Download Submit
C:\Users\Admin\Desktop\WatchResolve.otf
Filesize
657KB

MD5
963f8f720ca2fa4ef0cab417610ac5de

SHA1
9430b0b8ed1bf52bb026e1de2b49656973d9ea9b

SHA256
a24f40260d2f59ab0237791d0166ee4c1831ef880bf8a364a3d8c91bb265bd7d

SHA512
944be07fc06fe23dbfde936c49fd9ebec58711d767721b85df3301e1e1d652079a14d30ac2614661fa9a1046d1876fa8005c25f8a26c0bf1cae4a7b244c8604f

Download Submit
C:\Users\Admin\Desktop\WriteBackup.kix
Filesize
424KB

MD5
677a3fe1eac5c40c16bf037867899f13

SHA1
491ce19695db5badd3881c3286b8bed55f2a7e13

SHA256
f0627d2decaf716d718251a32e3ffab78d1ff50646a1d799f76f95ec7d6d18e4

SHA512
a7636c8ef13ba93a024709c1cbdbb7bd049c6267832f9c7b49bb4bbe61309754dfba4cef1d9b49755f538bc58810469fb25b0cf83c8990cb4841322faab3835f

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
Filesize
2KB

MD5
e2ad0ded4db36b644fc500ef583c1f20

SHA1
0bd97e7d0924524b11a48ecf6be3e711ae105bed

SHA256
9ba09969b6270a208c6bb3f866da871a9447618603c8843076b2dcac4c4b0bfc

SHA512
e47c66ac098af06975be2ab53b4d2be19a422cc78cf1a09135ecce1628190dbf5a509e43a10ef8ea2ecf9cba494714298598f14cd3e5a5e9e877e71d7c7c0ec2

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
c26970c5a170e6aeed9c3623b39195fe

SHA1
25a0f309568ab024072bbfa8dc7523f61f5e1649

SHA256
c6c4b3ca8ac3fd0e66e6fd63c9f7bb198f95255f8769faf827b3fcb37c87504e

SHA512
515775e25dee93a3640eae5b33431b6f565bb1bd0ab76480a70c772c060d66bf5a64a3e2ae76c23940dfab5892a22cdcca910f9788577f26fd16f12ca54fd7e4

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk
Filesize
2KB

MD5
1932c8b4520799d36c84f016b07611de

SHA1
975d547b65b29ce45d27944ebfd2c05b09982744

SHA256
b1a5a3bc2f9e2ef4928c87df01e708f9882f36fb41a052eadc9dc75d7c9a94f7

SHA512
8ac4bb979fb081a387ffc73aedc5b1feba4d17adc7c83f3b044344f13a4edb257dd574708c564dfe60fc6d58d7cb5de750b7c75b8247cdef12f7963791cf5e45

Download Submit
C:\Users\Public\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
c252f0ca54c6f159f6d86d66bc3f3343

SHA1
b6f5f21fa957fc597e2940fac21d6e80169c977d

SHA256
60a5682b423099306b7c04ef608793d24fe8fd954526fce56550036c8afbf18e

SHA512
3d6b9cf833e456e26ea97daf390b89c178c97ec8dc91fb81a52ecdb64df91d4c546808e918eaf14ba520676c57c9eabce090815822cc2e4fa98030ac8feed7ba

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk
Filesize
923B

MD5
54f9327aff61478cfc4eaa810a2a13f9

SHA1
796b2cc0bf0afc3e29b9fb1b5ecbea491ae93486

SHA256
29d0507637540a33d503b2c894bcbd92f64dcbf8ff2f612e986f1301445899f0

SHA512
d91b958789352c5d951c4e54260cceac2d32ea5baa67e396a8ccf3d04be6dc8ac0738946879ce950672b821e23d4e237881a54e4faccb239d66317b7290db6d1

Download Submit