imminent | 0c9e091285c6d82f3c0140bb06266edb17c9cd3faab32835b1aded34f810fd3f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0c9e091285...3f.exe

windows7-x64

0c9e091285...3f.exe

windows10-2004-x64

Sharing

General

Target

0c9e091285c6d82f3c0140bb06266edb17c9cd3faab32835b1aded34f810fd3f
Size

1.4MB
Sample

221128-w2z6nsbd71
MD5

a3e5ec5555b57a904cc84a9b096ad420
SHA1

6d5284c72fa32beb4a7fc7939e6b61e9d9b83eb4
SHA256

0c9e091285c6d82f3c0140bb06266edb17c9cd3faab32835b1aded34f810fd3f
SHA512

134e418a2926520637a976ffc364a87a53e1d9e24ebfc5b0df9bfa701023ff6c394de5778e5e919a916218f38f51503b0580cd30121e831cba3e7f2538e7f0db
SSDEEP

6144:AQbZvy6kqLkZLlUbHiJNnPwALifg9Ty2PoBISB5s2UJmh67OB0FARsKfpYT:A+pyXsmLlUri7PgI2XeOek671gsMps

Score

10^/10

imminent persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

0c9e091285c6d82f3c0140bb06266edb17c9cd3faab32835b1aded34f810fd3f.exe

Resource

win7-20221111-en

imminent persistence spyware trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

0c9e091285c6d82f3c0140bb06266edb17c9cd3faab32835b1aded34f810fd3f.exe

Resource

win10v2004-20220812-en

imminent persistence spyware trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  0c9e091285c6d82f3c0140bb06266edb17c9cd3faab32835b1aded34f810fd3f
- Size
  
  1.4MB
- MD5
  
  a3e5ec5555b57a904cc84a9b096ad420
- SHA1
  
  6d5284c72fa32beb4a7fc7939e6b61e9d9b83eb4
- SHA256
  
  0c9e091285c6d82f3c0140bb06266edb17c9cd3faab32835b1aded34f810fd3f
- SHA512
  
  134e418a2926520637a976ffc364a87a53e1d9e24ebfc5b0df9bfa701023ff6c394de5778e5e919a916218f38f51503b0580cd30121e831cba3e7f2538e7f0db
- SSDEEP
  
  6144:AQbZvy6kqLkZLlUbHiJNnPwALifg9Ty2PoBISB5s2UJmh67OB0FARsKfpYT:A+pyXsmLlUri7PgI2XeOek671gsMps
Score

10^/10

imminent persistence spyware trojan
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentpersistencespywaretrojan

behavioral2

imminentpersistencespywaretrojan

© 2018-2025

Terms | Privacy