imminent | 3f128a6477d3d836accf898a564082a9ba4b50168bd16eac89c16ea09edd85ea | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

3f128a6477...ea.exe

windows7-x64

3f128a6477...ea.exe

windows10-2004-x64

Sharing

General

Target

3f128a6477d3d836accf898a564082a9ba4b50168bd16eac89c16ea09edd85ea
Size

803KB
Sample

250316-ab5gtaznx7
MD5

d9088a749f3b68662c2773eb637b0b6b
SHA1

907d48cbda81f3e4d9cd724154605f0657935ef8
SHA256

3f128a6477d3d836accf898a564082a9ba4b50168bd16eac89c16ea09edd85ea
SHA512

ac27136531285dc2292d1ca8604955c0460f4d481f33857e72ab77d09cb89d0929c1bd4a624cf39c94fe87353ca201af4f914edf74fe2fd1a72c22d2688e2e73
SSDEEP

24576:bkGvM/P1U4bBTOKr26GU5OYsnXgxvrQrAnuIw9:b2/P1UOtOKC6GrYsgxTQTIG

Score

10^/10

imminent discovery spyware trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3f128a6477d3d836accf898a564082a9ba4b50168bd16eac89c16ea09edd85ea.exe

Resource

win7-20240903-en

imminent discovery spyware trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3f128a6477d3d836accf898a564082a9ba4b50168bd16eac89c16ea09edd85ea.exe

Resource

win10v2004-20250314-en

imminent discovery spyware trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3f128a6477d3d836accf898a564082a9ba4b50168bd16eac89c16ea09edd85ea
- Size
  
  803KB
- MD5
  
  d9088a749f3b68662c2773eb637b0b6b
- SHA1
  
  907d48cbda81f3e4d9cd724154605f0657935ef8
- SHA256
  
  3f128a6477d3d836accf898a564082a9ba4b50168bd16eac89c16ea09edd85ea
- SHA512
  
  ac27136531285dc2292d1ca8604955c0460f4d481f33857e72ab77d09cb89d0929c1bd4a624cf39c94fe87353ca201af4f914edf74fe2fd1a72c22d2688e2e73
- SSDEEP
  
  24576:bkGvM/P1U4bBTOKr26GU5OYsnXgxvrQrAnuIw9:b2/P1UOtOKC6GrYsgxTQTIG
Score

10^/10

imminent discovery spyware trojan upx
- Imminent RAT
  Remote-access trojan based on Imminent Monitor remote admin software.
  trojan spyware imminent
- Imminent family
  imminent
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

imminentdiscoveryspywaretrojanupx

behavioral2

imminentdiscoveryspywaretrojanupx

© 2018-2025

Terms | Privacy