Analysis

  • max time kernel
    149s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/09/2024, 10:17 UTC

General

  • Target

    5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad.exe

  • Size

    354KB

  • MD5

    a728603061b5aa98fa40fb0447ba71e3

  • SHA1

    ee0e249026d4ab18f34cb2c8670cb868a9bb03f6

  • SHA256

    5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad

  • SHA512

    9da43ec72f85557bf117cb4e6bf85b5233bee04ffd526233dc183d7a18e408f383009e7668e4a541ed31ca703bfed05e5b36dc30f3b5f7ae45cffab8b8811b89

  • SSDEEP

    6144:VQq2fqS+L/IKCLbFstC9yJpinokDoP8KAOoVksPJ+can:V2f+L/eLb2qCtihj4

Malware Config

Signatures

  • Imminent RAT

    Remote-access trojan based on Imminent Monitor remote admin software.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad.exe
    "C:\Users\Admin\AppData\Local\Temp\5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1092

Network

  • flag-us
    DNS
    bluenikehoodie.ddns.net
    5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad.exe
    Remote address:
    8.8.8.8:53
    Request
    bluenikehoodie.ddns.net
    IN A
    Response
    bluenikehoodie.ddns.net
    IN A
    0.0.0.0
  • 8.8.8.8:53
    bluenikehoodie.ddns.net
    dns
    5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad.exe
    69 B
    85 B
    1
    1

    DNS Request

    bluenikehoodie.ddns.net

    DNS Response

    0.0.0.0

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Imminent\Path.dat

    Filesize

    47B

    MD5

    cd66ed0e2a5157bfc327268d381cbe65

    SHA1

    9c211d3e97edbc1d93d18193e98b85a33c3ed184

    SHA256

    7d9d6f074838a64d673337e0a38b3f9c20938bc5fc7ed975c76d520ae47d04fc

    SHA512

    a9adfebd15b7e82641f3bf26652fa8192f850573aa87b52f7613610ed45f060f6d6829d15e1232e0cb43e2213c58d089519c06c1ff1a97b5c1171b86cd089ba8

  • memory/1092-0-0x0000000074B51000-0x0000000074B52000-memory.dmp

    Filesize

    4KB

  • memory/1092-1-0x0000000074B50000-0x00000000750FB000-memory.dmp

    Filesize

    5.7MB

  • memory/1092-2-0x0000000074B50000-0x00000000750FB000-memory.dmp

    Filesize

    5.7MB

  • memory/1092-14-0x0000000074B50000-0x00000000750FB000-memory.dmp

    Filesize

    5.7MB

  • memory/1092-17-0x0000000074B50000-0x00000000750FB000-memory.dmp

    Filesize

    5.7MB
