Analysis
- max time kernel: 92s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22/01/2025, 15:06
Static task
- static1

Behavioral task
- behavioral1
  Sample: ngrok.exe
  Resource: win7-20240903-en
  16 signatures
  150 seconds

Behavioral task
- behavioral2
  Sample: ngrok.exe
  Resource: win10v2004-20241007-en
  2 signatures
  150 seconds
General
- Target: ngrok.exe
- Size: 45.9MB
- MD5: 108a2b2ace16b215f7bd1207be6b1498
- SHA1: c98b8a1184c1195bced0b9f769943786052b303e
- SHA256: 8cbd5f9b1be18429ebd9e3fd0fe7152682848ed00d359eea9fbdb77840b076af
- SHA512: c50443d25be2bd80f59545cb25577dcb3240d621bce511a063939baa084c1cef79f40a02414db90f4cc0efa7b751b808131c2b7014966b70a430f086d239985f
- SSDEEP: 393216:rYXEXR3uzMK0GWSFqlV3lYWmnHGm8mtGDfdJlU8Jq8tA9KxFxCfV:rYXEXhuzMmF26WmnHGrO1

Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (8 IoCs)

  pid   Process
  4740  ngrok.exe
  4740  ngrok.exe
  4740  ngrok.exe
  4740  ngrok.exe
  2432  ngrok.exe
  2432  ngrok.exe
  2432  ngrok.exe
  2432  ngrok.exe

- Suspicious use of WriteProcessMemory (4 IoCs)

  description                       pid   Process    procid_target
  PID 4740 wrote to memory of 2432  4740  ngrok.exe  83
  PID 4740 wrote to memory of 2432  4740  ngrok.exe  83
  PID 4740 wrote to memory of 884   4740  ngrok.exe  84
  PID 4740 wrote to memory of 884   4740  ngrok.exe  84
Processes
1⤵ C:\Users\Admin\AppData\Local\Temp\ngrok.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\ngrok.exe"
   PID: 4740
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory

   2⤵ C:\Users\Admin\AppData\Local\Temp\ngrok.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\ngrok.exe
      PID: 2432
      - Suspicious behavior: EnumeratesProcesses

   2⤵ C:\Windows\system32\cmd.exe
      Command line: cmd.exe /K
      PID: 884