Overview

overview

10

Static

static

8abebde631...e7.exe

windows7_x64

10

8abebde631...e7.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    169s
  • max time network
    167s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    12-07-2022 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8abebde631005ae15aba91eb8f36fbe7.exe

  • Size

    983KB

  • MD5

    8abebde631005ae15aba91eb8f36fbe7

  • SHA1

    d4ac00d9aee072b6d1499e730cf9bcb27ad957ad

  • SHA256

    2e66e23d1ae80b56efc2c38bf5adbb31dab91b811eaadce68f544e06323d52ef

  • SHA512

    7091584d35154b0711e4a8b6c788cc5db5ad0e6444e5cda5a16ad41a00cf333413fc8ac5b93e84b9b2e5e9350ca89837c6f69b5838ade967b403bd24322ab3fc

Score
10/10
imminentspywaretrojan

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8abebde631005ae15aba91eb8f36fbe7.exe
    "C:\Users\Admin\AppData\Local\Temp\8abebde631005ae15aba91eb8f36fbe7.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\uppEqmN.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2020
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\uppEqmN" /XML "C:\Users\Admin\AppData\Local\Temp\tmp59A5.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:2008
    • C:\Users\Admin\AppData\Local\Temp\8abebde631005ae15aba91eb8f36fbe7.exe
      "C:\Users\Admin\AppData\Local\Temp\8abebde631005ae15aba91eb8f36fbe7.exe"
      2⤵
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1436
      • C:\Windows\SysWOW64\taskmgr.exe
        "C:\Windows\System32\taskmgr.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:980
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 1048
      2⤵
      • Program crash
      PID:848

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp59A5.tmp
    Filesize

    1KB

    MD5

    8529617cce28946b3f862ed976335daa

    SHA1

    8430da30d2ae21128b57380d5e1000624a2f2178

    SHA256

    e71acf98fe039d73a3360bed91a805317de81b134a6f7ca5e03967e9272956fa

    SHA512

    04e1207ac3772400967c3be57adffd4bdd8e89f84ad581e6cbfaea328c3474854b781fa494f8bba348aab09ec162d873632530ef69a05dcf8b5632443f9219bd

    Download Submit

  • memory/1436-81-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-76-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-107-0x0000000000770000-0x000000000077C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1436-83-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-109-0x0000000000F10000-0x0000000000F1E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1436-84-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-110-0x0000000001330000-0x000000000133C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1436-82-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-66-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-67-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-69-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-70-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-71-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-74-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-98-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-77-0x00000000003A0000-0x00000000003C8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1436-79-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-80-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-108-0x0000000000CA0000-0x0000000000CAA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1436-106-0x0000000004AD5000-0x0000000004AE6000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1436-104-0x0000000000760000-0x0000000000776000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1436-103-0x0000000000670000-0x000000000067E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1436-85-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-87-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-89-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-90-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-93-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-95-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1436-96-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1556-56-0x0000000000780000-0x000000000079A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1556-58-0x0000000005280000-0x0000000005324000-memory.dmp

    Filesize

    656KB

    Download

  • memory/1556-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1556-57-0x00000000007A0000-0x00000000007AE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1556-54-0x0000000001380000-0x000000000147C000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/1556-64-0x0000000005FF0000-0x0000000006050000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1556-61-0x0000000004BF5000-0x0000000004C06000-memory.dmp

    Filesize

    68KB

    Download

  • memory/2020-65-0x000000006EC90000-0x000000006F23B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2020-105-0x000000006EC90000-0x000000006F23B000-memory.dmp

    Filesize

    5.7MB

    Download