imminent | beace8df01346080162d047f3fd3ead1e2b87d7bdaf03525000d51386285cb7a

Analysis

max time kernel
159s
max time network
186s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:45

Target

1bc2d486735244a0b77768ba6c0d320c.exe
Size

1.2MB
MD5

1bc2d486735244a0b77768ba6c0d320c
SHA1

2d5690f5572384cc343ea7bcc6e67aac585f1f8b
SHA256

beace8df01346080162d047f3fd3ead1e2b87d7bdaf03525000d51386285cb7a
SHA512

c9e583b71a9dac8929b61914e5a03f640c7353166591b896e984a26de0802923bb49009967e1497a35f18a20169a0c295815a8e9da15a2d9ced5e913afd9e700
SSDEEP

24576:Ltb20pkaCqT5TBWgNQ7aIw9j5A4O9Hwuqj61ZZlRDMsNV6A6:IVg5tQ7aIw9ju4OW56XzSsr56

Score

10^/10

Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
trojan spyware imminent

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tpgknwazxqhbcpq.fr.url	1bc2d486735244a0b77768ba6c0d320c.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2312 set thread context of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2380	RegAsm.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2312	1bc2d486735244a0b77768ba6c0d320c.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2380	RegAsm.exe
Token: 33	2380	RegAsm.exe
Token: SeIncBasePriorityPrivilege	2380	RegAsm.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2380	RegAsm.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29
PID 2312 wrote to memory of 2380	2312	1bc2d486735244a0b77768ba6c0d320c.exe	29

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\appxygoo

Filesize
322KB

MD5
f7bbceb6799a7c8d1ff9d81a3675ad32

SHA1
3bf6ce17f1a4f61539f9a20626a9b897e69e234a

SHA256
ea355cd5de5b92fc8ad7900cf258c00c2ce7e6a9123cb33386f733c885edc358

SHA512
2de1a4db0e20d0eec283cdf475ad1032b6453ccb2d44248ef4f50638f13ae44f368a58a18d937136b9f2bebb61084136f43afdd4afe59b62f567842fcccc9142

Download Submit
memory/2312-10-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/2380-15-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2380-13-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2380-11-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2380-16-0x00000000003D0000-0x00000000003E0000-memory.dmp

Filesize
64KB

Download
memory/2380-17-0x0000000004540000-0x00000000045EE000-memory.dmp

Filesize
696KB

Download
memory/2380-18-0x00000000006C0000-0x00000000006E8000-memory.dmp

Filesize
160KB

Download
memory/2380-19-0x0000000000700000-0x0000000000716000-memory.dmp

Filesize
88KB

Download