imminent | 67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461

Analysis

max time kernel
172s
max time network
185s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 17:48

Target

67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe
Size

360KB
MD5

c3432a1a338c6e7b82e7c7c55ac730c3
SHA1

e5b2f9be0e45e9d1f51a633c1b8018ce556c909b
SHA256

67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461
SHA512

50e7b7104370ed1fc2e6848d2bceeb1533fb9fe3a68d9a06a2d13c97198c07e8cfded6b56e585a353ed72f7911beaf8372cd75e47f1e269750af619351c4bc48
SSDEEP

6144:UoGcdjit4YxAOD7NIMxa+EZR8EbrXc1+egmUxvmPMq:UoPdWtA+IMxa+kKajNTRv2

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1076 set thread context of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
576	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe
Token: SeDebugPrivilege	576	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
576	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28
PID 1076 wrote to memory of 576	1076	67bbc1a389539d468271d9a12c235cda21af63ace5a4ddd1ebd97d4070c66461.exe	28

memory/576-61-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/576-71-0x0000000073EC0000-0x000000007446B000-memory.dmp

Filesize
5.7MB

Download
memory/576-57-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/576-58-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/576-60-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/576-70-0x0000000073EC0000-0x000000007446B000-memory.dmp

Filesize
5.7MB

Download
memory/576-62-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/576-67-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/576-65-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1076-54-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/1076-69-0x0000000073EC0000-0x000000007446B000-memory.dmp

Filesize
5.7MB

Download
memory/1076-55-0x0000000073EC0000-0x000000007446B000-memory.dmp

Filesize
5.7MB

Download
memory/1076-56-0x0000000073EC0000-0x000000007446B000-memory.dmp

Filesize
5.7MB

Download