imminent | d66f3d576d216843aa4a2aef507b16806ea325282ae0757c95d3d0ca51ad599b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

d66f3d576d...9b.exe

windows7-x64

d66f3d576d...9b.exe

windows10-2004-x64

Sharing

General

Target

d66f3d576d216843aa4a2aef507b16806ea325282ae0757c95d3d0ca51ad599b
Size

283KB
Sample

221126-2m3k5sag39
MD5

8cb8710b7da5abf186990b0d20f9204a
SHA1

361b362e201021c61c145f3ceee972b99217d135
SHA256

d66f3d576d216843aa4a2aef507b16806ea325282ae0757c95d3d0ca51ad599b
SHA512

76878d3447124456605a505de02d97710ac1c236b76bab7e1ab4ab70ffeceac6a3d466a562558f12762fe777147134c27589466e20f922cb2818dbd1bfb1a2f3
SSDEEP

6144:3VuZKWcJp2gPf6CHcy2xU2/F6iadu6qSN44h+bXge5UX+JbAgS:wZup2gPyCbCy3rjN9+se5U

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

d66f3d576d216843aa4a2aef507b16806ea325282ae0757c95d3d0ca51ad599b.exe

Resource

win7-20221111-en

imminent persistence spyware trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d66f3d576d216843aa4a2aef507b16806ea325282ae0757c95d3d0ca51ad599b.exe

Resource

win10v2004-20221111-en

imminent persistence spyware trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d66f3d576d216843aa4a2aef507b16806ea325282ae0757c95d3d0ca51ad599b
- Size
  
  283KB
- MD5
  
  8cb8710b7da5abf186990b0d20f9204a
- SHA1
  
  361b362e201021c61c145f3ceee972b99217d135
- SHA256
  
  d66f3d576d216843aa4a2aef507b16806ea325282ae0757c95d3d0ca51ad599b
- SHA512
  
  76878d3447124456605a505de02d97710ac1c236b76bab7e1ab4ab70ffeceac6a3d466a562558f12762fe777147134c27589466e20f922cb2818dbd1bfb1a2f3
- SSDEEP
  
  6144:3VuZKWcJp2gPf6CHcy2xU2/F6iadu6qSN44h+bXge5UX+JbAgS:wZup2gPyCbCy3rjN9+se5U
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy