imminent | 065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8

General

Target

065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe
Size

323KB
MD5

c6c3d74303e99631db4a23129ba8d558
SHA1

0eb58bed34743c8841d28b4398a773c5ffcdf294
SHA256

065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8
SHA512

a25e40e247266011b80f782d4efb135f2e8ef1d00a2450edf2e693a6993ee48264f5c0c6ff7a852105bc4f33fddcf8aa70009175fa580b6060d7385626ece3ea

Score

10^/10

imminent spyware trojan

Malware Config

Signatures

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1688	065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1688	065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe
Token: 33	1688	065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe
Token: SeIncBasePriorityPrivilege	1688	065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1688	065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe

C:\Users\Admin\AppData\Local\Temp\065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe
"C:\Users\Admin\AppData\Local\Temp\065aa0002333f6aa1897bf605e564a658d768b685d2b5839e1ffa3697709ecd8.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1688-54-0x0000000076391000-0x0000000076393000-memory.dmp

Filesize
8KB

Download
memory/1688-55-0x0000000074B90000-0x000000007513B000-memory.dmp

Filesize
5.7MB

Download
memory/1688-56-0x0000000073380000-0x0000000073E78000-memory.dmp

Filesize
11.0MB

Download
memory/1688-57-0x0000000074260000-0x00000000749FC000-memory.dmp

Filesize
7.6MB

Download
memory/1688-58-0x00000000740D0000-0x0000000074258000-memory.dmp

Filesize
1.5MB

Download
memory/1688-59-0x00000000727A0000-0x000000007337E000-memory.dmp

Filesize
11.9MB

Download
memory/1688-60-0x0000000072600000-0x000000007279B000-memory.dmp

Filesize
1.6MB

Download
memory/1688-61-0x00000000723F0000-0x00000000724E1000-memory.dmp

Filesize
964KB

Download
memory/1688-62-0x0000000071EB0000-0x00000000723E6000-memory.dmp

Filesize
5.2MB

Download
memory/1688-63-0x0000000071DA0000-0x0000000071EA4000-memory.dmp

Filesize
1.0MB

Download
memory/1688-64-0x0000000071AA0000-0x0000000071ADA000-memory.dmp

Filesize
232KB

Download
memory/1688-65-0x0000000074B90000-0x000000007513B000-memory.dmp

Filesize
5.7MB

Download
memory/1688-66-0x0000000073380000-0x0000000073E78000-memory.dmp

Filesize
11.0MB

Download
memory/1688-67-0x0000000074260000-0x00000000749FC000-memory.dmp

Filesize
7.6MB

Download
memory/1688-68-0x00000000740D0000-0x0000000074258000-memory.dmp

Filesize
1.5MB

Download
memory/1688-69-0x00000000727A0000-0x000000007337E000-memory.dmp

Filesize
11.9MB

Download
memory/1688-70-0x0000000072600000-0x000000007279B000-memory.dmp

Filesize
1.6MB

Download
memory/1688-71-0x00000000723F0000-0x00000000724E1000-memory.dmp

Filesize
964KB

Download
memory/1688-72-0x0000000071DA0000-0x0000000071EA4000-memory.dmp

Filesize
1.0MB

Download
memory/1688-73-0x0000000071AA0000-0x0000000071ADA000-memory.dmp

Filesize
232KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads