imminent | 66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3

Analysis

max time kernel
155s
max time network
194s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 00:28

Target

66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe
Size

360KB
MD5

44efc9de6edc60517a544eb815a96688
SHA1

f5f4fda330c0551a0590fd265d9fe5ccaf6a2a8c
SHA256

66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3
SHA512

3b6ca401816e1a27d80cd49b1f7dd48da959c422ac5d9af1c1b62976441fdbdc7b7edd153cc1b39c6b03c1bbce147c6ad38b4bec694ac0070bda75cf800443c1
SSDEEP

6144:TTj9GGl4KGYoD+AcO0fG7krC8NK9mkP3rhtWLXPMq:TPhlvroKM0J49fP96

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1396 set thread context of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1732	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe
Token: SeDebugPrivilege	1732	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1732	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28
PID 1396 wrote to memory of 1732	1396	66d0edeb120cfd683168489e9ea73c46d68ba7802d89155bb2b6ea9317a564d3.exe	28

memory/1396-54-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download
memory/1396-55-0x0000000074620000-0x0000000074BCB000-memory.dmp

Filesize
5.7MB

Download
memory/1396-56-0x0000000074620000-0x0000000074BCB000-memory.dmp

Filesize
5.7MB

Download
memory/1396-72-0x0000000074620000-0x0000000074BCB000-memory.dmp

Filesize
5.7MB

Download
memory/1732-61-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-60-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-58-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-65-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-64-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-69-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-57-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-73-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1732-75-0x0000000074070000-0x000000007461B000-memory.dmp

Filesize
5.7MB

Download
memory/1732-76-0x0000000074070000-0x000000007461B000-memory.dmp

Filesize
5.7MB

Download