Analysis

  • max time kernel
    92s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/01/2025, 15:06

General

  • Target

    ngrok.exe

  • Size

    45.9MB

  • MD5

    108a2b2ace16b215f7bd1207be6b1498

  • SHA1

    c98b8a1184c1195bced0b9f769943786052b303e

  • SHA256

    8cbd5f9b1be18429ebd9e3fd0fe7152682848ed00d359eea9fbdb77840b076af

  • SHA512

    c50443d25be2bd80f59545cb25577dcb3240d621bce511a063939baa084c1cef79f40a02414db90f4cc0efa7b751b808131c2b7014966b70a430f086d239985f

  • SSDEEP

    393216:rYXEXR3uzMK0GWSFqlV3lYWmnHGm8mtGDfdJlU8Jq8tA9KxFxCfV:rYXEXhuzMmF26WmnHGrO1

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ngrok.exe
    "C:\Users\Admin\AppData\Local\Temp\ngrok.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Users\Admin\AppData\Local\Temp\ngrok.exe
      C:\Users\Admin\AppData\Local\Temp\ngrok.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2432
    • C:\Windows\system32\cmd.exe
      cmd.exe /K
      2⤵
      PID:884
