General
-
Target
ngvl.exe
-
Size
1.5MB
-
Sample
240823-jgeb9avaqk
-
MD5
6df0b7e92a08fe937b571172d787086b
-
SHA1
f598674686f0e072cb1350656288fd8b77398192
-
SHA256
d2fb6a2d329b3ddf2f6c67744529043eb3396bcf72e0646dd9e8eb4f4533505d
-
SHA512
1f868259337b8ba4d6e1d29d422f15c279726b26352b4fe43806bc310d5053d254e34ca2f987ebd3c17e179344a52935fa920826e0d6c7e152b6edb6c1d58a75
-
SSDEEP
24576:tkdmXgbiJczOH14NmZVj7fvkJwpoDflHLwhxKn1CRntOZdshd5dI/0m0I/xtjAwX:d14NmZVHEJw8flHchkgoWbLI/xrx
Static task
static1
Behavioral task
behavioral1
Sample
ngvl.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ngvl.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
ngvl.exe
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-