imminent | a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590

Analysis

max time kernel
157s
max time network
219s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 17:02

Target

a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe
Size

366KB
MD5

b927af6dcc20ef96db5c8232195879d6
SHA1

db1c7218b260a71ae28af9c3605eae8b0383ae3a
SHA256

a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590
SHA512

8c19d6af9975ed0cf0d89f4ef2b787a3d9fb3a320f5a1c57663e9468254903558fde141da6125f171224c30ebe298cde2b1adad0e010b7c24e9f74727f8396ad
SSDEEP

6144:Xytl4s54G9qsVG8u+udBQnkB+hB5+bZinz3yLRrAJhEioQnGe6HG:XY6MgdBQnkB+T8yu6/oQN6H

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1440 set thread context of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
572	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe
Token: SeDebugPrivilege	572	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
572	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28
PID 1440 wrote to memory of 572	1440	a81d9fe3601981b6cd59d6781c651b1897a1b4c9481f1ae7160a45427a3dc590.exe	28

memory/572-61-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/572-56-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/572-57-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/572-59-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/572-60-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/572-65-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/572-67-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/572-69-0x0000000074F90000-0x000000007553B000-memory.dmp

Filesize
5.7MB

Download
memory/572-70-0x0000000074F90000-0x000000007553B000-memory.dmp

Filesize
5.7MB

Download
memory/1440-55-0x0000000075000000-0x00000000755AB000-memory.dmp

Filesize
5.7MB

Download
memory/1440-54-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download
memory/1440-64-0x0000000075000000-0x00000000755AB000-memory.dmp

Filesize
5.7MB

Download