imminent | e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1

Analysis

max time kernel
137s
max time network
148s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 17:37

Target

e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe
Size

360KB
MD5

a9bc50fbbfd9cdac522d5329b32ffb79
SHA1

bdc1f747d4c4a80a7f23908d14548cecc0eccdd4
SHA256

e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1
SHA512

8ffee32a84f005b2cddc72837c28e3394cff310e6483f8e8ff18358a479e918a64c9c49dd6709da8bbe3d1fb2ea7709ec4b871256a53789ba6e6377c76f594b3
SSDEEP

6144:kyuEhJdMU9ousBpW6t6VCjlDrarZoUIb+irtjzTUnPMq:PuEhJxShzW6gVCjkFrirtPTUP

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1088 set thread context of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1936	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe
Token: SeDebugPrivilege	1936	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1936	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28
PID 1088 wrote to memory of 1936	1088	e7c55d26b4b2539cd43065091b72cd5e66ea434ac364afc4662c59373537bae1.exe	28

memory/1088-54-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download
memory/1088-55-0x0000000074740000-0x0000000074CEB000-memory.dmp

Filesize
5.7MB

Download
memory/1088-56-0x0000000074740000-0x0000000074CEB000-memory.dmp

Filesize
5.7MB

Download
memory/1088-72-0x0000000074740000-0x0000000074CEB000-memory.dmp

Filesize
5.7MB

Download
memory/1936-61-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-60-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-58-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-64-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-65-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-69-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-57-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-73-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1936-75-0x0000000074740000-0x0000000074CEB000-memory.dmp

Filesize
5.7MB

Download
memory/1936-76-0x0000000074740000-0x0000000074CEB000-memory.dmp

Filesize
5.7MB

Download