Overview

overview

10

Static

static

3

SecuriteIn...25.exe

windows7-x64

10

SecuriteIn...25.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-03-2024 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Heuristic.HEUR.AGEN.1318539.12125.exe

  • Size

    852KB

  • MD5

    e04213f27f4e2c763e0b8910f7743af3

  • SHA1

    2707a70bfb085112cb02c82c738f752a4e789825

  • SHA256

    047fcf6cf1e83002c31d9725f92abe3014bcb0a65a3078dcc6467036ba792547

  • SHA512

    423039cd63fac7e3ceda72bf26695cc94339b1105b4c1a0bf603364e239658b30be841c47e781da867ff1ea0f22428c589ce3daac2c3834ef58e552fdafb242e

  • SSDEEP

    24576:2deM8k31Q2B7oVSRZw/bO/PVggnoGhkOF8rcbfdaMQ8NNr+OZQw6F77GEm+pV0kn:8e831bEOOyy

Score
10/10
imminentpersistencespywaretrojan

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

    trojanspywareimminent
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heuristic.HEUR.AGEN.1318539.12125.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heuristic.HEUR.AGEN.1318539.12125.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4004
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:3008

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Imminent\Path.dat
      Filesize

      50B

      MD5

      5e5949ab86f7e6eb19f2a7d1d11313e9

      SHA1

      4a92320fc66ef89ae83584962371fe2d7543ffa1

      SHA256

      581df2cddc7a7b8753b6f7a448ef410500222a70c265e481ce4bd815d3ac0db6

      SHA512

      dc5f4d1db3484512cc042f566570b9c4c91372a8fa22039d953597df81d5b616e285a0e7893e77d9d9f8ecd7ffed3a8983a62fca4f54159ccd7cf19fb261065c

      Download Submit

    • memory/4004-35-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-48-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-47-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-46-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-45-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-44-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-43-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-42-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-37-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4004-36-0x0000000005A40000-0x0000000005A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4956-14-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-18-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-21-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-23-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-24-0x0000000005650000-0x0000000005660000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4956-25-0x0000000009C80000-0x0000000009D1C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4956-26-0x000000000A2D0000-0x000000000A874000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4956-27-0x00000000058B0000-0x0000000005942000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4956-28-0x0000000005E40000-0x0000000005EA6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4956-29-0x0000000006120000-0x0000000006138000-memory.dmp

      Filesize

      96KB

      Download

    • memory/4956-32-0x0000000006160000-0x0000000006176000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4956-33-0x0000000006CF0000-0x0000000006CFA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4956-12-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-20-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-0-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-15-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-10-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-8-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-9-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-7-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-6-0x0000000000F90000-0x0000000001038000-memory.dmp

      Filesize

      672KB

      Download

    • memory/4956-5-0x00000000055E0000-0x0000000005608000-memory.dmp

      Filesize

      160KB

      Download

    • memory/4956-4-0x0000000074580000-0x0000000074D30000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4956-70-0x0000000074580000-0x0000000074D30000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4956-74-0x0000000005650000-0x0000000005660000-memory.dmp

      Filesize

      64KB

      Download