Analysis
max time kernel: 51s
max time network: 52s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-06-2024 10:46
Static task: static1
Behavioral task: behavioral1
  Sample: ngrok.exe
  Resource: win7-20240508-en (windows7-x64)
  0 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: ngrok.exe
  Resource: win10v2004-20240508-en (windows10-2004-x64)
  2 signatures, 150 seconds
General
Target: ngrok.exe
Size: 28.2MB
MD5: fe94c576b99dcc99b1c82fce00af97ab
SHA1: aea717754ba2ba8fb3981bb87837b150ab659023
SHA256: 3e20143e3e6346e09009109c997e91ce135eafc20496a02b2d5bad4a0b2a823c
SHA512: 9bfbc9063924c61a5fe5338ea7c332d764575d62e80ac20356a9d10901b40266dd536d19274302ddf1cdc8b92fdb9c0bda4d807ef012d55db7f5e28453b16b34
SSDEEP: 98304:FNE2/fNpo5pemooOoC3iQ5Ao2oPOt6rv8TT5bNGcP/NT41ue+ROhNZkJKfyq1t4C:DE2/CemooOoyz5XPOv5svw1B6
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes: ngrok.exe, ngrok.exe
  pid    process
  3752   ngrok.exe
  3752   ngrok.exe
  3752   ngrok.exe
  3752   ngrok.exe
  4896   ngrok.exe
  4896   ngrok.exe
  4896   ngrok.exe
  4896   ngrok.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: ngrok.exe
  description                        pid    process     target process
  PID 3752 wrote to memory of 4896   3752   ngrok.exe   ngrok.exe
  PID 3752 wrote to memory of 4896   3752   ngrok.exe   ngrok.exe
  PID 3752 wrote to memory of 4432   3752   ngrok.exe   cmd.exe
  PID 3752 wrote to memory of 4432   3752   ngrok.exe   cmd.exe
Processes
1  C:\Users\Admin\AppData\Local\Temp\ngrok.exe
   "C:\Users\Admin\AppData\Local\Temp\ngrok.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
2  C:\Users\Admin\AppData\Local\Temp\ngrok.exe
   C:\Users\Admin\AppData\Local\Temp\ngrok.exe
   - Suspicious behavior: EnumeratesProcesses
2  C:\Windows\system32\cmd.exe
   cmd.exe /K