mimikatz | 3f239909a96b59b7b81bf714ca7c0b293773efafea8e02891c5a2a2bfc58dd68 | Triage

Submit
Reports

Overview

overview

Static

static

7

NEAS.d296c...00.exe

windows7-x64

NEAS.d296c...00.exe

windows10-2004-x64

Sharing

General

Target

NEAS.d296c8db00ba7a7315e15403447f4c00.exe
Size

3.8MB
Sample

231014-xx6nbsag39
MD5

d296c8db00ba7a7315e15403447f4c00
SHA1

d0824335e3dfcd931a8e56def94abd882bb1a6d2
SHA256

3f239909a96b59b7b81bf714ca7c0b293773efafea8e02891c5a2a2bfc58dd68
SHA512

4bab9831751bbc8a7ae82c467e080df0afbdf2ec0a762eb4b251ec06ead685857e3d9be97d3a0e041590a5077f69d90b5f661e625df39abd1ff9d491f44f86d7
SSDEEP

98304:kXnePLpXsosKbzubE0IdC7AFEwY2k1oQVAIfotgJWdSx:kXWL9PKUpYVX

Score

10^/10

mimikatz evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NEAS.d296c8db00ba7a7315e15403447f4c00.exe

Resource

win7-20230831-en

mimikatz evasion themida trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.d296c8db00ba7a7315e15403447f4c00.exe

Resource

win10v2004-20230915-en

mimikatz evasion themida trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.d296c8db00ba7a7315e15403447f4c00.exe
- Size
  
  3.8MB
- MD5
  
  d296c8db00ba7a7315e15403447f4c00
- SHA1
  
  d0824335e3dfcd931a8e56def94abd882bb1a6d2
- SHA256
  
  3f239909a96b59b7b81bf714ca7c0b293773efafea8e02891c5a2a2bfc58dd68
- SHA512
  
  4bab9831751bbc8a7ae82c467e080df0afbdf2ec0a762eb4b251ec06ead685857e3d9be97d3a0e041590a5077f69d90b5f661e625df39abd1ff9d491f44f86d7
- SSDEEP
  
  98304:kXnePLpXsosKbzubE0IdC7AFEwY2k1oQVAIfotgJWdSx:kXWL9PKUpYVX
Score

10^/10

mimikatz evasion themida trojan
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- mimikatz is an open source tool to dump credentials on Windows
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mimikatzevasionthemidatrojan

behavioral2

mimikatzevasionthemidatrojan

© 2018-2025

Terms | Privacy