Analysis
-
max time kernel
91s -
max time network
94s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system -
submitted
01/06/2024, 22:18
Static task
static1
Behavioral task
behavioral1
Sample
ngrok-v3-stable-windows-amd64.zip
Resource
win11-20240508-en
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
ngrok.exe
Resource
win11-20240508-en
2 signatures
150 seconds
General
-
Target
ngrok.exe
-
Size
28.2MB
-
MD5
e83c0724855253650f403d9a3b8af84b
-
SHA1
43b8c38f4ba54a00d59cfbdab0d2270f51255915
-
SHA256
706c36f927cdc78f55c5d165ef98014811e61126bca7e22c858d36ca3306f9d7
-
SHA512
ec14cba0b2ef41654323f8c009a5f72792773785d2cfe2adfde9c392bd6158eef25eed61ef5be463be27c4b4f2ba3d13b1bbc637e7b0c53a8682b4520c290e1f
-
SSDEEP
393216:SYOCQQFV9BVqWSIVe1oFb5mMjR1w/HXZrTZ2VYiZ+7oAY:FOCQQFhVqWSIC1Y
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid    Process
4936   ngrok.exe
4936   ngrok.exe
4936   ngrok.exe
4936   ngrok.exe
3792   ngrok.exe
3792   ngrok.exe
3792   ngrok.exe
3792   ngrok.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                        pid    Process     procid_target
PID 4936 wrote to memory of 3792   4936   ngrok.exe   79
PID 4936 wrote to memory of 3792   4936   ngrok.exe   79
PID 4936 wrote to memory of 2388   4936   ngrok.exe   80
PID 4936 wrote to memory of 2388   4936   ngrok.exe   80
Processes
-
C:\Users\Admin\AppData\Local\Temp\ngrok.exe "C:\Users\Admin\AppData\Local\Temp\ngrok.exe" 1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4936 -
C:\Users\Admin\AppData\Local\Temp\ngrok.exe C:\Users\Admin\AppData\Local\Temp\ngrok.exe 2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3792
-
-
C:\Windows\system32\cmd.exe cmd.exe /K 2⤵ PID:2388
-