imminent | ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208

Analysis

max time kernel
134s
max time network
194s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 19:07

Target

ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe
Size

380KB
MD5

6848b1fa9f7fd919ee128fea001f88b0
SHA1

69cfe2c52cbccfd185793c0e65decf7aa43b7341
SHA256

ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208
SHA512

99bd4752de27a4af70f8d513f8fbc0cbd61e1920a0ef5b705ae44db517d6e05447a8c77a47ee293e61d5b661f5a0d5fa309bafda036657063fdc2a359b6308c6
SSDEEP

6144:IxbH1dWW+I9opBeK+J3t3dHwYuOXEPnGbHKsVEcS+gpaYx1fs+R59/m:ObPWW+I9opOt1wvsEeT7Shs+R6

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1160 set thread context of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2028	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe
Token: SeDebugPrivilege	2028	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2028	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28
PID 1160 wrote to memory of 2028	1160	ccf5853d9ca97cd9fa2b95f1b7cf533183f2b45b7c4e553016a7d9d7c8e6e208.exe	28

memory/1160-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1160-55-0x0000000074780000-0x0000000074D2B000-memory.dmp

Filesize
5.7MB

Download
memory/1160-56-0x0000000074780000-0x0000000074D2B000-memory.dmp

Filesize
5.7MB

Download
memory/1160-69-0x0000000074780000-0x0000000074D2B000-memory.dmp

Filesize
5.7MB

Download
memory/2028-61-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2028-60-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2028-58-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2028-62-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2028-65-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2028-67-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2028-57-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2028-70-0x0000000074780000-0x0000000074D2B000-memory.dmp

Filesize
5.7MB

Download
memory/2028-71-0x0000000074780000-0x0000000074D2B000-memory.dmp

Filesize
5.7MB

Download