Overview

overview

10

Static

static

3

Imminent.M...al.url

windows7-x64

1

Imminent.M...al.url

windows10-2004-x64

1

Imminent.M...at.url

windows7-x64

1

Imminent.M...at.url

windows10-2004-x64

1

Imminent.M...up.exe

windows7-x64

10

Imminent.M...up.exe

windows10-2004-x64

7

Chrome.exe

windows7-x64

10

Chrome.exe

windows10-2004-x64

10

Setup.exe

windows7-x64

6

Setup.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-12-2024 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Imminent.Monitor.4.1 RAT Complete Setup By Shozab Haxor/Imminent.Monitor.4.1/Setup.exe

  • Size

    11.7MB

  • MD5

    c13eaea9f5401998054cd90d3522732d

  • SHA1

    5f227077d8b533892a7cba05ae6cbe112ce51d13

  • SHA256

    0119abb16b47b36c9497b835ed305fa8344d2d7c8d663eb65ec522bfa2588ae9

  • SHA512

    4c1d47ec5546879da086cc773d4338506da14392cb767f9c8a38968744016ed8bf4f5a81653c0ffc639690871fc44a446877d75bf85585266e864b1b93301ca3

  • SSDEEP

    196608:UXkCEHUrw55FD7Rkadk0iZE4t8jP12sJhEmXHk3g27CwEVDg72jzA3VVkimp:nCE2yP7RkadkO4t8TktHvCb7jzcVVkiG

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Imminent.Monitor.4.1 RAT Complete Setup By Shozab Haxor\Imminent.Monitor.4.1\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Imminent.Monitor.4.1 RAT Complete Setup By Shozab Haxor\Imminent.Monitor.4.1\Setup.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      PID:2008
    • C:\Users\Admin\AppData\Local\Temp\Chrome.exe
      "C:\Users\Admin\AppData\Local\Temp\Chrome.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3856
      • C:\Users\Admin\AppData\Local\Temp\Chrome.exe
        C:\Users\Admin\AppData\Local\Temp\Chrome.exe
        3⤵
        • Executes dropped EXE
        PID:1220
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 80
          4⤵
          • Program crash
          PID:4424
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1220 -ip 1220
    1⤵
      PID:1404

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Buttons\File Manager\buttonremoteback.png
      Filesize

      577B

      MD5

      c799b4780cd902a1d6fc40cbea3ba09d

      SHA1

      d9da551566f8f3985c560fad18ddadcefdf7b5ff

      SHA256

      019de6bb09728a5bed1609f20f4bbc33c4dec14591ce5d8c033061dd2348a931

      SHA512

      07781a0937b4144513ef273577dd36502071f7da7d69d4fc364d11192a798e4d5bc57f2525c4beed11ffdd65e22581aeda4918e75c3d5ee8543cb2394e75a47e

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Buttons\File Manager\buttonremoterefresh.png
      Filesize

      836B

      MD5

      36215c5a3c6657364c401f6c593fb793

      SHA1

      d13c4dcd5661fff279d390793b5ec938ae51dd0a

      SHA256

      9b1067e7c71646bd1a557d31a3398445afa27a8f899d97fe26a052d47e0323fd

      SHA512

      b78ed56237f4db50013cd312508b9d9942daa36414d599e472db4574e1ca609d600b4e31e74b091b1faeb3b21ff2ec0d38705f4283400231b4eb32b0803897fa

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Buttons\Misc\buttonhidetaskbar.png
      Filesize

      452B

      MD5

      0965f0d1b222986515711b049af26de9

      SHA1

      42989d49425a540db0e318b5967574ed59e8271b

      SHA256

      9bb2935f59a8b15ebe12a48a0212fbd36fcb048bd43d4696857953af9df9e5e7

      SHA512

      f715d7f8bb2f4180a343c02532f82b862a3842f6b31f4b88f8a5fc7b955b6011cff6d05a133581e69667843c5e05398594a0e57dae8d22444d0d4742a6a8b12b

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Buttons\Misc\buttonlocktaskbar.png
      Filesize

      386B

      MD5

      4db28c4bd183e201dd00763ca3e91a65

      SHA1

      55db395fef13ad9b2b4be081758ee5b2173570db

      SHA256

      34865115b29d936f401b66fb603ff1b44dc1b4ab8a3728dd5ffb7ad86a114900

      SHA512

      4a4b69236ee4cf7868837aa50a49c7742a00ba424564b837f4c7ac257e45d5fcebc6f5ede655c975244b0f85070e0e8537279f207372902b5c584d952ab60080

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Buttons\Misc\buttonshowtaskbar.png
      Filesize

      367B

      MD5

      376e3788d9cb91cb13530353a4a7563b

      SHA1

      5f6e222b7f7508b4870ee68cb0a1e4d4480ea123

      SHA256

      6d664b4e5c4126ae0b0de0cb63caced07f4419124c8d66f6c63e220b99cf26d9

      SHA512

      1acbb2263269decc9bad09f651b65a6dc8d74fa15a993b3ca75c31a08cc18980c23d890a50f99679d30f9d4328b3394ab803e5381270fa458eb5f64efde48049

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Buttons\Misc\buttonunlocktaskbar.png
      Filesize

      479B

      MD5

      43043821ce7eb2f370010ce50a5908d4

      SHA1

      0a36d3d7ffad5f3e19654273735fe1b0b2e41858

      SHA256

      fc6cad83f140d56fa088b5d75f41ba1a265b98d02316bef6b94401d2ccae2aaa

      SHA512

      8ce17cb39b1c599e1208d2b083da1a9eb2452f6c38bba0e1347a224ad21640c24d2017ec8491905d70d7b1c8df008b6cbed656b5c1fbaa8d8edc48acf9832b0c

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\File Manager\delete.png
      Filesize

      544B

      MD5

      964d1afcaa92b7b2eda6b86513e511f8

      SHA1

      a928c65408cc445667843628474aeeacb86598f6

      SHA256

      cee7ed8601de316a2b961d3d78b07cdfdd10bd04266d366ce5e77b425513f515

      SHA512

      0bbc7a1e733cad30a2e26bb0dd21a465dcf3bfac888827f575dd0b2ef7d9dad1e5961b8cfbe91cede72896cd2b21ed0db135822ac71f422bd8dc55198382eb8c

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\File Manager\set-wallpaper.png
      Filesize

      795B

      MD5

      8dfb215806a267fec67db2341d9f4fcd

      SHA1

      020e952f8c3650fad82617ac7566aa1cef464f12

      SHA256

      8db21a46faea592d5866d3da2791da07157bdd3ece42a9cf517889567ec88d9a

      SHA512

      6f493e7f0b549f6b427ab6564aa9101cab52e045da442b1ff995e3f7ede1280c5a241d54a778e9fc60be274392e50789c8f002033b95228cb516a24cb9ee283f

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\File Manager\special-files.png
      Filesize

      699B

      MD5

      a9b263735e47992e5901fafa48bcc762

      SHA1

      559442eb737289552c0d4c703ca4f63a41050fde

      SHA256

      3b0280c04b369c9a5026303bf319c0b3df81147a3fa25d92a9334af0161b68da

      SHA512

      8f74f77db2bf883044c21b4a8a6c0ab6885491ce2dcd39e52489368c592b8da6cc9acff4d1ae623cb729b6c8737cc7c4afa8f84e9e72510c05a2ad3624e37bd9

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\File Manager\view-thumbnail-gallery.png
      Filesize

      451B

      MD5

      3256504f96cd017c9dcdee5ad0751472

      SHA1

      77a2fc09bf8dbd743b57880138c8c696526e674a

      SHA256

      ad80eff5fcc24b97590b7b7b30b7036ba9f054e78ee622bed13ec49c80020579

      SHA512

      b305b150b5741df1fdf89fe4f617592473790dc45964a5951c2015eeb7ad09460d90c4f8f93105dbf7757d232ac9cae52fc7505f7e869c6e86ed6ca65b04f76e

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\Main\clients-username.png
      Filesize

      700B

      MD5

      1aa237837f8a5f22ffad9695cf220e16

      SHA1

      accb3a78686f385acf938ef054e76da9bbd142bc

      SHA256

      c17d652c1626c85cb007ec13c11a0e1589efa34bf1b36755a3013edd07aa51dd

      SHA512

      29743d898c9698b8cbe4da5239f9c3ff543a43c0715322a4e858ae182c8e57208c39ff30f0fdec692926a0a22b1abc29fc4384eb24b36f1a5613366ac0014aa2

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\Main\extra-functions.png
      Filesize

      630B

      MD5

      56f8ab6fa38f741944eb21c58b39bd8f

      SHA1

      52c8ba175d9c2b653862f41d8940674fe1daf2d6

      SHA256

      73e3a497bac230f4f21f86c7cf324958a2313459ec0ddad645e6c8a645598753

      SHA512

      1b3aef6b729cab99818afc59c6742b11f9784838c81326aa65921504cc386c47e4d378bb1d464d616f032ccb67a2483bc23ba9273dc93733c678f538c8f45f90

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\Main\from-link.png
      Filesize

      1KB

      MD5

      a5326481180e283f275bd9eeda95db20

      SHA1

      ee5e8c327f8bced1205df0e07672296b52ab4ba8

      SHA256

      1dccd80e42391c90b1c45904dc47baa958cdd5ab6bb141cdfd9ef08fe05e4950

      SHA512

      696794d89f4a5c5cd62fc8e736a2b0af3bdc59cd69c861ea49b778ecb36e5e112f1efde0f95b4586381038f13c807b6b33133fe73f3c07edd5034b1732c70067

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\Main\microphone.png
      Filesize

      738B

      MD5

      b3e396c5d31b524a7208eb0fb9e1e985

      SHA1

      74046147e43b9a80c056346492055cc94f4e26e5

      SHA256

      da139749da94fb2ce86b54cd2ce3b6e99665ab5bec6cdb1f9a4fdc0e5be70927

      SHA512

      28e4353d019d753698e50cfe37cb4687bd6240a07824317668453aa5cc65405b1693f13d7950bbbb6c51222519625bd7a3afcb544851dd90c65d690026921706

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\Main\miscellanous.png
      Filesize

      550B

      MD5

      cb255bc5974ee5b95265dcead1793a74

      SHA1

      98b22e19be1b8b2ff7e183b6f2626cc2c63480f7

      SHA256

      06f1e2f5eaaa06e49fb306df3c948248bf845fb0713cef223463e63e1f37f345

      SHA512

      b53a63a0b5a779c39a66bc754ce11cd78d15f495091a2bfc468f40c24561df5f7925278298b51eb445c2789977ba60f6b79cac5c21c8cd75c0f027ae1ad93af7

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\ContextMenu\Main\text-to-speech.png
      Filesize

      566B

      MD5

      a16280a562ff00fa882735d9d23a7c80

      SHA1

      16e3b389a2201c77d428353e642b00c76d395913

      SHA256

      4f32e29bb9d7853e3fb6b41a721ad4e779bc6a6515aee052d14bf13d80727120

      SHA512

      4f34609de0cca464141ada889a19c39ea99636b03174bcc3918ef5efcfe5fb9de337bc87bb674b64d04178ca0266167c3371fdbf726bef2be3408c48a1ef55d9

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Countrys\Heard Island and McDonald.png
      Filesize

      614B

      MD5

      67a8aaf5657d92683c60af535a226493

      SHA1

      f1c04221f9c0a4f35ab4eb7b90d4dcdcac30b64a

      SHA256

      cfc2e8a845012c4ed2c1f9ae6c9dac510f65413fbf4490259bf45f0c73988533

      SHA512

      e24a749e433bc379510383542ae6c8db32447945be04e988f7c6ab32c24d5dc10ba12ab9950f098fcbdfec4fc0124cd9c6ac4b922cd4b536c52fd1b934f65b7e

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Countrys\Monaco.png
      Filesize

      333B

      MD5

      6918359d3d5ba6d08777957ff0aa639f

      SHA1

      a0a7bdea180b127aaa128dab01e1e1b7e16923d7

      SHA256

      03f09127ca417489cbe158429faaf62753ee2c62f7744e802e1256a46a600828

      SHA512

      2defe789de5bea7e4a901663cfd89f54118a2477c08cb590fa0cc09c05346bf81bfd9a77a7fca6cb4aa77053c6ea53d9a56d703fc1397d2dddf3bdd1f2adb064

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Countrys\Netherlands.png
      Filesize

      367B

      MD5

      49d1309b370eaa5dd12f07b0dad4b156

      SHA1

      8bcdefba61f764fd9301086b97d117a0950353cf

      SHA256

      fe9e583f1d1dcca70a3268761d979c1117e249448d86f4f3a68cfd892d347770

      SHA512

      3a50ce78b86a08f20f84e94ea1d66becbc4934d612b4b3c7c92839356a5b04880e309d26fdf33fe8a7f6321a14397c776b692f4b930ad25dd4c3225eaebbe528

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Countrys\Norway.png
      Filesize

      485B

      MD5

      2ce917331ee7dbbdbedd716e8e84c7d0

      SHA1

      1d5136c70b7588b147c6631cb64ed409987ff824

      SHA256

      5b799d5d9cc343a2622b80b69eac4b47b7b929ffe20ccb1424c3b357c765c129

      SHA512

      40ba1ee90e66b73393855a6ded1d293820093827dc82cb9f82303a7b86023249b74b1414a7e91469991f37a78dd437253a8d8abcd9879b1d7cc0edbfc5b157fc

      Download Submit

    • C:\Program Files (x86)\Parrot Security\Imminent.Monitor\Imminent.Monitor.4.1.0.0-Crack-YQ8\Resources\Images\Countrys\United States of America.png
      Filesize

      488B

      MD5

      2556bc1917869589e27a684959e62373

      SHA1

      8f49bcb0f8e5dc2e16c13f177cacfac4844ca423

      SHA256

      4ac836d19ba59b13f74176339bbb73a752844e528a338bd9340c945d2f2895c5

      SHA512

      4d16c705fa54c4b7dc27e6a2f1a87ec8a5a1cbbb90e1a19d50fe72350cf742fd880077b87efaec8218dcaf8f0001493d0145d9db8325e5b9a2b5e1ad8fc0f389

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
      Filesize

      3.2MB

      MD5

      9da2522fadc8ffe6243b655325f3d735

      SHA1

      f39e3e9cbfae115327f73dc9ce7299a7151fcfcc

      SHA256

      a78952e72db0f786469933ca3b2e6d077c17cc957b8d335bedf9227e29f98e37

      SHA512

      a9c157f62ad9854ab14a45ebd199a4d0e39eb99ea8da7313da541f90982eec6f5d633087c35c618b36b833781dbaac4b10875d3e83e30c7d39e9b5cab8b2a1aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Chrome.exe
      Filesize

      822KB

      MD5

      dfe9a9f1b8384990ac9b8f44c9305a9b

      SHA1

      2e1d01fe1920197aa484b98deba38d32c9cdcac0

      SHA256

      9bd6b2b7a07de015273594db5e1702fc25f7ef32c7e53db44845d0a6f3296ac5

      SHA512

      3d46375ae06808ba1ad3fd1c4796ca2da753f99fb02dca879b1c56c9e07cd950a684c6629551fa9d6cfbc86b619f6de2a4d97b5547397addf41f3ff8f7228e11

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      Filesize

      11.5MB

      MD5

      6f529ca081fcbf4ee4b4631cc78be3d8

      SHA1

      de367aab8e3bebc6fdf7041657cf82ce7704d768

      SHA256

      124bd27a25853170760901c7269e3f0e4577f047810d28f4606fa75deee0f884

      SHA512

      1b011d422e222f4fc5ccec1c95a1633de1c23acde18fe0a701bf2df522cdd11323fe8d62eb97e914365f0ee6f2abb8960c78456d8533903a82085061340f8ba1

      Download Submit

    • memory/2008-44-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2008-1330-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/2008-1331-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download

    • memory/3856-43-0x0000000074CA0000-0x0000000075251000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3856-39-0x0000000074CA0000-0x0000000075251000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3856-38-0x0000000074CA0000-0x0000000075251000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3856-22-0x0000000074CA2000-0x0000000074CA3000-memory.dmp

      Filesize

      4KB

      Download