mimikatz | abac0a641e35d5de035b9b03824a5d8e6c1b51725de9a571be55d261ced6b75a

Analysis

max time kernel
308s
max time network
308s
platform
windows7_x64
resource
win7-en-20211208
submitted
13/01/2022, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup OMEGA Ampworks Granophyre v1.0.0.exe
Size

139.8MB
MD5

e0d87e7d53e4ab2fdb549ba1c6fd2924
SHA1

7f862d131b50b1745e651d1f82b05c38d758df6b
SHA256

abac0a641e35d5de035b9b03824a5d8e6c1b51725de9a571be55d261ced6b75a
SHA512

6f7cc4cf66105411e42d3d751368e6604db95aabf8255376421522ba5f2f5f8696e9f7d72028fda2080652416984dbdcabcc2be2a8960ceef0d07c56521fa26c

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 2 IoCs

resource	yara_rule
behavioral1/memory/784-75-0x0000000074640000-0x0000000074678000-memory.dmp	mimikatz
behavioral1/memory/784-94-0x0000000074640000-0x0000000074678000-memory.dmp	mimikatz

Executes dropped EXE 1 IoCs

pid	Process
784	Setup OMEGA Ampworks Granophyre v1.0.0.tmp

Loads dropped DLL 4 IoCs

pid	Process
268	Setup OMEGA Ampworks Granophyre v1.0.0.exe
784	Setup OMEGA Ampworks Granophyre v1.0.0.tmp
784	Setup OMEGA Ampworks Granophyre v1.0.0.tmp
784	Setup OMEGA Ampworks Granophyre v1.0.0.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
784	Setup OMEGA Ampworks Granophyre v1.0.0.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 268 wrote to memory of 784	268	Setup OMEGA Ampworks Granophyre v1.0.0.exe	27
PID 268 wrote to memory of 784	268	Setup OMEGA Ampworks Granophyre v1.0.0.exe	27
PID 268 wrote to memory of 784	268	Setup OMEGA Ampworks Granophyre v1.0.0.exe	27
PID 268 wrote to memory of 784	268	Setup OMEGA Ampworks Granophyre v1.0.0.exe	27
PID 268 wrote to memory of 784	268	Setup OMEGA Ampworks Granophyre v1.0.0.exe	27
PID 268 wrote to memory of 784	268	Setup OMEGA Ampworks Granophyre v1.0.0.exe	27
PID 268 wrote to memory of 784	268	Setup OMEGA Ampworks Granophyre v1.0.0.exe	27

C:\Users\Admin\AppData\Local\Temp\Setup OMEGA Ampworks Granophyre v1.0.0.exe
"C:\Users\Admin\AppData\Local\Temp\Setup OMEGA Ampworks Granophyre v1.0.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:268
- C:\Users\Admin\AppData\Local\Temp\is-163TT.tmp\Setup OMEGA Ampworks Granophyre v1.0.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-163TT.tmp\Setup OMEGA Ampworks Granophyre v1.0.0.tmp" /SL5="$C0154,146016324,143360,C:\Users\Admin\AppData\Local\Temp\Setup OMEGA Ampworks Granophyre v1.0.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/268-57-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/784-94-0x0000000074640000-0x0000000074678000-memory.dmp

Filesize
224KB

Download
memory/784-100-0x0000000076B10000-0x0000000076CAD000-memory.dmp

Filesize
1.6MB

Download
memory/784-65-0x0000000006E80000-0x0000000006EE1000-memory.dmp

Filesize
388KB

Download
memory/784-67-0x0000000006E80000-0x0000000006EE1000-memory.dmp

Filesize
388KB

Download
memory/784-69-0x0000000076CB0000-0x0000000076D3F000-memory.dmp

Filesize
572KB

Download
memory/784-70-0x0000000075B50000-0x0000000075CAC000-memory.dmp

Filesize
1.4MB

Download
memory/784-71-0x0000000074BC0000-0x0000000074C60000-memory.dmp

Filesize
640KB

Download
memory/784-72-0x00000000760C0000-0x000000007615D000-memory.dmp

Filesize
628KB

Download
memory/784-73-0x0000000074EA0000-0x0000000074EF7000-memory.dmp

Filesize
348KB

Download
memory/784-74-0x0000000074F00000-0x0000000075B4A000-memory.dmp

Filesize
12.3MB

Download
memory/784-75-0x0000000074640000-0x0000000074678000-memory.dmp

Filesize
224KB

Download
memory/784-76-0x00000000744C0000-0x00000000745DF000-memory.dmp

Filesize
1.1MB

Download
memory/784-77-0x0000000074430000-0x00000000744BC000-memory.dmp

Filesize
560KB

Download
memory/784-78-0x0000000075DD0000-0x0000000075DFA000-memory.dmp

Filesize
168KB

Download
memory/784-79-0x00000000743F0000-0x0000000074422000-memory.dmp

Filesize
200KB

Download
memory/784-80-0x0000000074270000-0x0000000074365000-memory.dmp

Filesize
980KB

Download
memory/784-81-0x0000000076B10000-0x0000000076CAD000-memory.dmp

Filesize
1.6MB

Download
memory/784-82-0x0000000006E80000-0x0000000006EE1000-memory.dmp

Filesize
388KB

Download
memory/784-83-0x0000000076CB0000-0x0000000076D3F000-memory.dmp

Filesize
572KB

Download
memory/784-84-0x0000000075B50000-0x0000000075CAC000-memory.dmp

Filesize
1.4MB

Download
memory/784-85-0x0000000074BC0000-0x0000000074C60000-memory.dmp

Filesize
640KB

Download
memory/784-87-0x0000000074800000-0x000000007499E000-memory.dmp

Filesize
1.6MB

Download
memory/784-86-0x00000000746F1000-0x00000000746F6000-memory.dmp

Filesize
20KB

Download
memory/784-88-0x0000000074EA0000-0x0000000074EF7000-memory.dmp

Filesize
348KB

Download
memory/784-89-0x0000000074F00000-0x0000000075B4A000-memory.dmp

Filesize
12.3MB

Download
memory/784-90-0x0000000076260000-0x00000000762DB000-memory.dmp

Filesize
492KB

Download
memory/784-93-0x0000000076A30000-0x0000000076AB3000-memory.dmp

Filesize
524KB

Download
memory/784-95-0x0000000074620000-0x0000000074637000-memory.dmp

Filesize
92KB

Download
memory/784-99-0x0000000074270000-0x0000000074365000-memory.dmp

Filesize
980KB

Download
memory/784-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/784-98-0x0000000074370000-0x00000000743A9000-memory.dmp

Filesize
228KB

Download
memory/784-96-0x00000000744C0000-0x00000000745DF000-memory.dmp

Filesize
1.1MB

Download
memory/784-101-0x00000000741E0000-0x0000000074216000-memory.dmp

Filesize
216KB

Download
memory/784-102-0x0000000006E80000-0x0000000006EE1000-memory.dmp

Filesize
388KB

Download
memory/784-97-0x00000000743F0000-0x0000000074422000-memory.dmp

Filesize
200KB

Download
memory/784-103-0x0000000076CB0000-0x0000000076D3F000-memory.dmp

Filesize
572KB

Download
memory/784-104-0x0000000074BC0000-0x0000000074C60000-memory.dmp

Filesize
640KB

Download
memory/784-105-0x00000000760C0000-0x000000007615D000-memory.dmp

Filesize
628KB

Download
memory/784-107-0x0000000074800000-0x000000007499E000-memory.dmp

Filesize
1.6MB

Download
memory/784-108-0x0000000074EA0000-0x0000000074EF7000-memory.dmp

Filesize
348KB

Download
memory/784-106-0x00000000746D0000-0x00000000746E2000-memory.dmp

Filesize
72KB

Download
memory/784-109-0x0000000076260000-0x00000000762DB000-memory.dmp

Filesize
492KB

Download
memory/784-111-0x0000000074760000-0x0000000074773000-memory.dmp

Filesize
76KB

Download
memory/784-112-0x0000000076A30000-0x0000000076AB3000-memory.dmp

Filesize
524KB

Download
memory/784-113-0x0000000074430000-0x00000000744BC000-memory.dmp

Filesize
560KB

Download
memory/784-114-0x00000000743F0000-0x0000000074422000-memory.dmp

Filesize
200KB

Download
memory/784-115-0x0000000074370000-0x00000000743A9000-memory.dmp

Filesize
228KB

Download
memory/784-116-0x0000000074270000-0x0000000074365000-memory.dmp

Filesize
980KB

Download
memory/784-117-0x0000000076B10000-0x0000000076CAD000-memory.dmp

Filesize
1.6MB

Download
memory/784-118-0x0000000075DA0000-0x0000000075DC7000-memory.dmp

Filesize
156KB

Download
memory/784-119-0x0000000006E80000-0x0000000006EE1000-memory.dmp

Filesize
388KB

Download
memory/784-120-0x0000000074BC0000-0x0000000074C60000-memory.dmp

Filesize
640KB

Download
memory/784-121-0x00000000746F1000-0x00000000746F6000-memory.dmp

Filesize
20KB

Download
memory/784-122-0x00000000746D0000-0x00000000746E2000-memory.dmp

Filesize
72KB

Download
memory/784-123-0x0000000074800000-0x000000007499E000-memory.dmp

Filesize
1.6MB

Download
memory/784-124-0x0000000074EA0000-0x0000000074EF7000-memory.dmp

Filesize
348KB

Download
memory/784-126-0x0000000076A30000-0x0000000076AB3000-memory.dmp

Filesize
524KB

Download
memory/784-127-0x0000000074430000-0x00000000744BC000-memory.dmp

Filesize
560KB

Download
memory/784-128-0x00000000743F0000-0x0000000074422000-memory.dmp

Filesize
200KB

Download
memory/784-129-0x0000000074370000-0x00000000743A9000-memory.dmp

Filesize
228KB

Download