imminent | 589ecdc0506f31bb76ca64b91f4a454d5e107c4a3d924e2200fa488ea36659c7 | Triage

Analysis

max time kernel
154s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2022 13:24

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

321KB
MD5

c1039ca17cafd621220b9bfa40b2ca0f
SHA1

b954a56f9d76aa862b31369df6c2a3ed41df6abb
SHA256

f85ec35e69a57dabbf7aa0243dd33c42a9ca8ce8d86f70bbce85786a2b1831de
SHA512

1daa1f178f0a169b27ae95e647431f42ae850e3e18aa17cd199bcbcacd024bca8cb1f55d6a66e32efe44a41a85e51732d0fb2aade55b1e3425dd4ef64678e41f

Score

10^/10

imminent spyware trojan

Malware Config

Signatures

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	tmp.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	tmp.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	tmp.exe
File created	C:\Windows\assembly\Desktop.ini	tmp.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	tmp.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4176	tmp.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4176	tmp.exe
Token: 33	4176	tmp.exe
Token: SeIncBasePriorityPrivilege	4176	tmp.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4176	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4176

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4176-130-0x0000000075580000-0x0000000075B31000-memory.dmp

Filesize
5.7MB

Download
memory/4176-131-0x0000000075580000-0x0000000075B31000-memory.dmp

Filesize
5.7MB

Download