imminent | 66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3

Analysis

max time kernel
159s
max time network
195s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 00:28

Target

66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe
Size

380KB
MD5

67b20aa2e0955043699dc6011f0f4b42
SHA1

c3d331027a35f6568fefcb12ef7023f86c75ad4d
SHA256

66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3
SHA512

8431b28193461e22c1d3df751f0fc8e696175b4cb52cde7dcb9a4e8ee8a513a106beec82e000f2239c32af57751983c14d21bacb4a64d0ff034eba788a8df3e2
SSDEEP

6144:evlJxAPFX/CZsTv7n8o5CwwGfLamPVWdciBNpf+2U65itWUvAkIKyli:4lwtisjbvZwSL9KciRfnFotWUYkIKyli

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1976 set thread context of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
900	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe
Token: SeDebugPrivilege	900	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
900	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28
PID 1976 wrote to memory of 900	1976	66ee1f20223335a676c5776e4ec3cef6cb070a43055099c3a3a69060886448a3.exe	28

memory/900-61-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/900-62-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/900-71-0x0000000074AB0000-0x000000007505B000-memory.dmp

Filesize
5.7MB

Download
memory/900-57-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/900-58-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/900-60-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/900-70-0x0000000074AB0000-0x000000007505B000-memory.dmp

Filesize
5.7MB

Download
memory/900-67-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/900-65-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1976-54-0x0000000075761000-0x0000000075763000-memory.dmp

Filesize
8KB

Download
memory/1976-69-0x0000000074AB0000-0x000000007505B000-memory.dmp

Filesize
5.7MB

Download
memory/1976-55-0x0000000074AB0000-0x000000007505B000-memory.dmp

Filesize
5.7MB

Download
memory/1976-56-0x0000000074AB0000-0x000000007505B000-memory.dmp

Filesize
5.7MB

Download