imminent | 3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd

General

Target

3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe
Size

307KB
MD5

4f132ec553364939e2a885ed6ae4b050
SHA1

8d99c64848b593e8cfe131b47d36ebccaa28f336
SHA256

3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd
SHA512

437314c3b697b7d5c89bd3f53aac13b77c04f18b68b1053e6443f62e95c7293655279b4877492066c314e585908f8f9d86262a2950aab4e652e60fd42a030a05
SSDEEP

6144:hsjD5nX5L2tIgfLBwJgQN2gCo9fzFBW9s:hmX5L2tIgfKJg259fm

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1672 set thread context of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe
1868	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1868	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe
Token: SeDebugPrivilege	1868	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1868	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2036	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	27
PID 1672 wrote to memory of 2036	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	27
PID 1672 wrote to memory of 2036	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	27
PID 1672 wrote to memory of 2036	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	27
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28
PID 1672 wrote to memory of 1868	1672	3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe	28

C:\Users\Admin\AppData\Local\Temp\3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe
"C:\Users\Admin\AppData\Local\Temp\3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe
  "C:\Users\Admin\AppData\Local\Temp\3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe"
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Temp\3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe
  "C:\Users\Admin\AppData\Local\Temp\3058b3cb64ce72c823561ddfa92022262adfd572b5dcfa6e6688800d7c2ab8dd.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1868

memory/1672-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1672-55-0x00000000744F0000-0x0000000074A9B000-memory.dmp

Filesize
5.7MB

Download
memory/1672-56-0x00000000744F0000-0x0000000074A9B000-memory.dmp

Filesize
5.7MB

Download
memory/1672-69-0x00000000744F0000-0x0000000074A9B000-memory.dmp

Filesize
5.7MB

Download
memory/1868-62-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1868-60-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1868-61-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1868-58-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1868-65-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1868-67-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1868-57-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1868-70-0x00000000744F0000-0x0000000074A9B000-memory.dmp

Filesize
5.7MB

Download
memory/1868-71-0x00000000744F0000-0x0000000074A9B000-memory.dmp

Filesize
5.7MB

Download