mimikatz | 32863daa615afbb3e90e3dad35ad47199050333a2aaed57e5065131344206fe1 | Triage

Analysis

max time kernel
124s
max time network
135s
platform
windows10_x64
resource
win10v20201028
submitted
17-03-2021 16:23

Sharing

Report Analysis Logs

General

Target

64bit_decompressed.dll
Size

92KB
MD5

b3c30a575695e713e8307b7c0b429557
SHA1

949d36ea8e47cb9530b1bbd3af29cf7b1a01b612
SHA256

32863daa615afbb3e90e3dad35ad47199050333a2aaed57e5065131344206fe1
SHA512

684e8c6e78efda326bdf2f1278dc6d18c7f65e4c95b4598dad871491051f76a65ec17b1189e1eb13a1fd9bd2d1ee31eb89434a7ec4ce3cd5dffa272604fe7127

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 1 IoCs

resource	yara_rule
behavioral2/memory/636-2-0x00007FFA17900000-0x00007FFA1791A000-memory.dmp	mimikatz

Blocklisted process makes network request 5 IoCs

flow	pid	Process
4	636	rundll32.exe
16	636	rundll32.exe
18	636	rundll32.exe
20	636	rundll32.exe
22	636	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64bit_decompressed.dll,#1
1⤵
- Blocklisted process makes network request
PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/636-2-0x00007FFA17900000-0x00007FFA1791A000-memory.dmp

Filesize
104KB

Download