Overview

overview

10

Static

static

8f3a70a81a...6c.exe

windows7-x64

10

8f3a70a81a...6c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c.exe

  • Size

    361KB

  • MD5

    b8fba572714a6893023bed66cab6bae2

  • SHA1

    bc8115ddb106759cbdb5f8b6c43191b6f9a532dd

  • SHA256

    8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c

  • SHA512

    a7fe776edb5d0010946699852034e034be77413460ac3ceacb3f58b14546255be6283888dfce79c8f577004c38987a0b09d8de2afae794e635a7f0e7f1c29807

  • SSDEEP

    6144:a991cll5gT62NsqHScpguMLAJvWR5BUTnKmLDyVEzwWyuJ35Zk9Rn:KhnNsSSgguj5cSTnHa/LuJ35Zk9R

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c.exe
    "C:\Users\Admin\AppData\Local\Temp\8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Users\Admin\AppData\Local\Temp\8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c.exe
      "C:\Users\Admin\AppData\Local\Temp\8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c.exe"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1340
    • C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1756
      • C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1924
        • C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
          "C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1576
        • C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
          "C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe"
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of AdjustPrivilegeToken
          PID:1652

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Imminent\Logs\28-11-2022
    Filesize

    35B

    MD5

    93cf39c0efd73d98b1e352cf2372b9b6

    SHA1

    b1992858d45db9a62c1190d1d76d1ac1216ac92b

    SHA256

    00f68fa0ec6bd0a1c2f3c1593df124e944291a0161b70de9810206816a2e5ef3

    SHA512

    7b12bc080acbecfd1fea8d102be94a421b63f0e315c1ab9a3c5a2deb0aeb700f47a7d33349a818ea580ce9741e00221d2cfa4a8e154f590492cc1f8d225aa840

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
    Filesize

    8KB

    MD5

    8b1102e104f0fc7121b4c3f1e247bcf2

    SHA1

    e611b031ff933efba52597130f717afaf961f568

    SHA256

    7371971b042d3632be65dcd2353ef8f6b35870c7b8405af4ca7f0e2d92289791

    SHA512

    91464c5288e84dff67c652856c89024d90f6cdb19fcc7ee537b93e6d9bfb82b88e65b98f0c7855f6af31ed6b94712ff3d2de6aca94fc73101c250c3bff233a16

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
    Filesize

    8KB

    MD5

    8b1102e104f0fc7121b4c3f1e247bcf2

    SHA1

    e611b031ff933efba52597130f717afaf961f568

    SHA256

    7371971b042d3632be65dcd2353ef8f6b35870c7b8405af4ca7f0e2d92289791

    SHA512

    91464c5288e84dff67c652856c89024d90f6cdb19fcc7ee537b93e6d9bfb82b88e65b98f0c7855f6af31ed6b94712ff3d2de6aca94fc73101c250c3bff233a16

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
    Filesize

    8KB

    MD5

    8b1102e104f0fc7121b4c3f1e247bcf2

    SHA1

    e611b031ff933efba52597130f717afaf961f568

    SHA256

    7371971b042d3632be65dcd2353ef8f6b35870c7b8405af4ca7f0e2d92289791

    SHA512

    91464c5288e84dff67c652856c89024d90f6cdb19fcc7ee537b93e6d9bfb82b88e65b98f0c7855f6af31ed6b94712ff3d2de6aca94fc73101c250c3bff233a16

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
    Filesize

    361KB

    MD5

    b8fba572714a6893023bed66cab6bae2

    SHA1

    bc8115ddb106759cbdb5f8b6c43191b6f9a532dd

    SHA256

    8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c

    SHA512

    a7fe776edb5d0010946699852034e034be77413460ac3ceacb3f58b14546255be6283888dfce79c8f577004c38987a0b09d8de2afae794e635a7f0e7f1c29807

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
    Filesize

    361KB

    MD5

    b8fba572714a6893023bed66cab6bae2

    SHA1

    bc8115ddb106759cbdb5f8b6c43191b6f9a532dd

    SHA256

    8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c

    SHA512

    a7fe776edb5d0010946699852034e034be77413460ac3ceacb3f58b14546255be6283888dfce79c8f577004c38987a0b09d8de2afae794e635a7f0e7f1c29807

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
    Filesize

    361KB

    MD5

    b8fba572714a6893023bed66cab6bae2

    SHA1

    bc8115ddb106759cbdb5f8b6c43191b6f9a532dd

    SHA256

    8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c

    SHA512

    a7fe776edb5d0010946699852034e034be77413460ac3ceacb3f58b14546255be6283888dfce79c8f577004c38987a0b09d8de2afae794e635a7f0e7f1c29807

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\AeLookupSvi.exe
    Filesize

    8KB

    MD5

    8b1102e104f0fc7121b4c3f1e247bcf2

    SHA1

    e611b031ff933efba52597130f717afaf961f568

    SHA256

    7371971b042d3632be65dcd2353ef8f6b35870c7b8405af4ca7f0e2d92289791

    SHA512

    91464c5288e84dff67c652856c89024d90f6cdb19fcc7ee537b93e6d9bfb82b88e65b98f0c7855f6af31ed6b94712ff3d2de6aca94fc73101c250c3bff233a16

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\ProfSvc.exe
    Filesize

    361KB

    MD5

    b8fba572714a6893023bed66cab6bae2

    SHA1

    bc8115ddb106759cbdb5f8b6c43191b6f9a532dd

    SHA256

    8f3a70a81ad568eaca0e3fa287d3a1200e0cc903da0a412d58b39debe71abc6c

    SHA512

    a7fe776edb5d0010946699852034e034be77413460ac3ceacb3f58b14546255be6283888dfce79c8f577004c38987a0b09d8de2afae794e635a7f0e7f1c29807

    Download Submit

  • memory/1340-81-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1340-61-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1340-72-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1340-74-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1340-65-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1340-58-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1340-64-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1340-69-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1340-57-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1340-60-0x00000000000C0000-0x000000000010A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1576-108-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1576-111-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1576-101-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1576-103-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1652-109-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1652-112-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1756-80-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1756-91-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1756-82-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1784-90-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1784-56-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1784-55-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1784-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1924-89-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1924-88-0x0000000074DE0000-0x000000007538B000-memory.dmp

    Filesize

    5.7MB

    Download