Analysis
- max time kernel: 146s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04-07-2024 18:38
Static task
- static1

Behavioral task
- behavioral1
- Sample: ngrok.exe
- Resource: win7-20240704-en (windows7-x64)
- 0 signatures
- 150 seconds

Behavioral task
- behavioral2
- Sample: ngrok.exe
- Resource: win10v2004-20240508-en (windows10-2004-x64)
- 2 signatures
- 150 seconds
General
- Target: ngrok.exe
- Size: 28.2MB
- MD5: fe94c576b99dcc99b1c82fce00af97ab
- SHA1: aea717754ba2ba8fb3981bb87837b150ab659023
- SHA256: 3e20143e3e6346e09009109c997e91ce135eafc20496a02b2d5bad4a0b2a823c
- SHA512: 9bfbc9063924c61a5fe5338ea7c332d764575d62e80ac20356a9d10901b40266dd536d19274302ddf1cdc8b92fdb9c0bda4d807ef012d55db7f5e28453b16b34
- SSDEEP: 98304:FNE2/fNpo5pemooOoC3iQ5Ao2oPOt6rv8TT5bNGcP/NT41ue+ROhNZkJKfyq1t4C:DE2/CemooOoyz5XPOv5svw1B6

Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (8 IoCs)

  Processes: ngrok.exe, ngrok.exe

  | pid | process |
  |---|---|
  | 2796 | ngrok.exe |
  | 2796 | ngrok.exe |
  | 2796 | ngrok.exe |
  | 2796 | ngrok.exe |
  | 380 | ngrok.exe |
  | 380 | ngrok.exe |
  | 380 | ngrok.exe |
  | 380 | ngrok.exe |

- Suspicious use of WriteProcessMemory (4 IoCs)

  Processes: ngrok.exe

  | description | pid | process | target process |
  |---|---|---|---|
  | PID 2796 wrote to memory of 380 | 2796 | ngrok.exe | ngrok.exe |
  | PID 2796 wrote to memory of 380 | 2796 | ngrok.exe | ngrok.exe |
  | PID 2796 wrote to memory of 2624 | 2796 | ngrok.exe | cmd.exe |
  | PID 2796 wrote to memory of 2624 | 2796 | ngrok.exe | cmd.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\ngrok.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ngrok.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\ngrok.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\ngrok.exe
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\system32\cmd.exe
    Command line: cmd.exe /K