imminent | 2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20220414-en
submitted
12/06/2022, 08:18

Sharing

Report Analysis Logs

General

Target

2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe
Size

321KB
MD5

268f5e3f31cf11398f5487a337b15238
SHA1

fb39ec670d61d8334644196a3f4f855477b6e854
SHA256

2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa
SHA512

a009f0136d9ec33c4db10539facec3a54c1782c50a4872fe209878b05f492626df0ba2888611aa537ab05e477451929ff1a8a37b1c9a731ad6c32b38d079dad0

Score

10^/10

imminent spyware trojan

Malware Config

Signatures

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
872	2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	872	2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe
Token: 33	872	2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe
Token: SeIncBasePriorityPrivilege	872	2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
872	2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe

C:\Users\Admin\AppData\Local\Temp\2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe
"C:\Users\Admin\AppData\Local\Temp\2189577239106b785b0c8345328c91256d79e1a96bcf5ea03e137fa9af05a7aa.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:872

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/872-54-0x0000000075521000-0x0000000075523000-memory.dmp

Filesize
8KB

Download
memory/872-55-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/872-56-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download