imminent | a9948b9d207375c838170f10d4d9f2b105c7c50161eb87302283bcc3252efe06 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a9948b9d20...06.exe

windows7-x64

a9948b9d20...06.exe

windows10-2004-x64

Sharing

General

Target

a9948b9d207375c838170f10d4d9f2b105c7c50161eb87302283bcc3252efe06
Size

405KB
Sample

221127-aq8g1sfe92
MD5

3fab513ea72b66790a740640d373a607
SHA1

e469c0f22b903886c630653fc03fb13874c79376
SHA256

a9948b9d207375c838170f10d4d9f2b105c7c50161eb87302283bcc3252efe06
SHA512

955a4c564bbf9a9cac798883aeb2df10b503375df6f5baa635a013e5130a8728a8b5c5883555d6c9ebe69b3daf8bb9f1303cb0ec393c1723a96549599e8aea2b
SSDEEP

6144:CoUdF36jIOMPqT2uNLgGzuNQaQPzMqGOY+uoc4OERP493fLk:CoUdF36cOMiZ+QF7MqLck

Score

10^/10

imminent spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

a9948b9d207375c838170f10d4d9f2b105c7c50161eb87302283bcc3252efe06.exe

Resource

win7-20221111-en

imminent spyware trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9948b9d207375c838170f10d4d9f2b105c7c50161eb87302283bcc3252efe06.exe

Resource

win10v2004-20220812-en

imminent spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9948b9d207375c838170f10d4d9f2b105c7c50161eb87302283bcc3252efe06
- Size
  
  405KB
- MD5
  
  3fab513ea72b66790a740640d373a607
- SHA1
  
  e469c0f22b903886c630653fc03fb13874c79376
- SHA256
  
  a9948b9d207375c838170f10d4d9f2b105c7c50161eb87302283bcc3252efe06
- SHA512
  
  955a4c564bbf9a9cac798883aeb2df10b503375df6f5baa635a013e5130a8728a8b5c5883555d6c9ebe69b3daf8bb9f1303cb0ec393c1723a96549599e8aea2b
- SSDEEP
  
  6144:CoUdF36jIOMPqT2uNLgGzuNQaQPzMqGOY+uoc4OERP493fLk:CoUdF36cOMiZ+QF7MqLck
Score

10^/10

imminent spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentspywaretrojan

behavioral2

imminentspywaretrojan

© 2018-2025

Terms | Privacy