imminent | 76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d

Analysis

max time kernel
152s
max time network
200s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 23:37

Target

76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe
Size

382KB
MD5

2930929e3286acd152f2512d2039e61e
SHA1

809896ab8f25aca7b34c7572378bbdcec6e5f2ab
SHA256

76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d
SHA512

16cbb50f18cb7da8541b6f3f004b2cb2211b737d16a0a71e9a26570f67a3f082568c23ce699970789a3248dd298b9a1732fad03a4dbdad3a5dadb64a2daf1b7c
SSDEEP

6144:sEttWuDwUinv7V7c5OSOU3nNrifnzl8rDsMpRc7fRXLAks+E91ErkeMs7:sBbjvRI5Ou3Nrsnz+r7RqhLxI1Erd7

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1384 set thread context of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
676	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe
Token: SeDebugPrivilege	676	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
676	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28
PID 1384 wrote to memory of 676	1384	76cb03a9a091fabd9fd2041995be05632c35d6e3abb2e565e0e71d146ee70f3d.exe	28

memory/676-61-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-71-0x00000000746C0000-0x0000000074C6B000-memory.dmp

Filesize
5.7MB

Download
memory/676-57-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-58-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-60-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-70-0x00000000746C0000-0x0000000074C6B000-memory.dmp

Filesize
5.7MB

Download
memory/676-62-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-67-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/676-65-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1384-54-0x00000000754C1000-0x00000000754C3000-memory.dmp

Filesize
8KB

Download
memory/1384-69-0x00000000746C0000-0x0000000074C6B000-memory.dmp

Filesize
5.7MB

Download
memory/1384-55-0x00000000746C0000-0x0000000074C6B000-memory.dmp

Filesize
5.7MB

Download
memory/1384-56-0x00000000746C0000-0x0000000074C6B000-memory.dmp

Filesize
5.7MB

Download