imminent | 08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa

Analysis

max time kernel
144s
max time network
170s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 17:04

Target

08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe
Size

365KB
MD5

c87e717ab8c0a67c9e5ac5b730f6cfef
SHA1

d370bf5bdbdfc8cfd1d012a3f6b69798861624b2
SHA256

08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa
SHA512

921e58067cbe2a589ac071c36160221ce57d96203c8f8305490d99291af7961d3647fbd66a933b887fcf3ebdc73b7061084e7762e001835abeaa2ebf8972d334
SSDEEP

6144:2kjfj2GZ1spU20rtnHf/VxV7bte6Y9qToVV4GR7HN/bYG/bKjPuxHhs1DJkOT:f2GZ1sebH3Vnsn9qcVV4QJv+jPuhhQJk

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 888 set thread context of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1220	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe
Token: SeDebugPrivilege	1220	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1220	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28
PID 888 wrote to memory of 1220	888	08e47e936f449f68b069d46ab09ba1c663d8db03a5c8959704acc1321545e6aa.exe	28

memory/888-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/888-55-0x0000000074CB0000-0x000000007525B000-memory.dmp

Filesize
5.7MB

Download
memory/888-56-0x0000000074CB0000-0x000000007525B000-memory.dmp

Filesize
5.7MB

Download
memory/888-65-0x0000000074CB0000-0x000000007525B000-memory.dmp

Filesize
5.7MB

Download
memory/1220-61-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-60-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-58-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-57-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-64-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-66-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-70-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-73-0x0000000000080000-0x00000000000CA000-memory.dmp

Filesize
296KB

Download
memory/1220-75-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download
memory/1220-76-0x0000000074700000-0x0000000074CAB000-memory.dmp

Filesize
5.7MB

Download