mimikatz | 633b9687e0fb9e4304873ee45b239f692e1df60958dc20f9ca159fb90973ce58

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 03:36

Target

792d290051903fa1da17adc346507a65.exe
Size

5.2MB
MD5

792d290051903fa1da17adc346507a65
SHA1

c2ec8d0014b998e9702887ee930f838e9a6a0b86
SHA256

633b9687e0fb9e4304873ee45b239f692e1df60958dc20f9ca159fb90973ce58
SHA512

516a0832aaf4a1c9ea16543647b1d5c14a96cd2e64ed380c9d4540bb7938c842618e5da64ecb5362d47dbd6d511e2f4912cdf839ef6fd1f2fea2f3937ff98029
SSDEEP

3072:rhnNV/Onfg3KUWWsxr0lZcU0hv5UDW1mcE7P2+ab4VQF4o+SZoQBB6XrQSE30TKa:rh

Score

10^/10

mimikatz

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 2 IoCs

resource	yara_rule
behavioral1/memory/2644-4-0x000000001C340000-0x000000001C48B000-memory.dmp	mimikatz
behavioral1/memory/2644-6-0x000000001C340000-0x000000001C48B000-memory.dmp	mimikatz

C:\Users\Admin\AppData\Local\Temp\792d290051903fa1da17adc346507a65.exe
"C:\Users\Admin\AppData\Local\Temp\792d290051903fa1da17adc346507a65.exe"
1⤵
PID:2644

memory/2644-0-0x000000013F220000-0x000000013F762000-memory.dmp

Filesize
5.3MB

Download
memory/2644-1-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download
memory/2644-2-0x000000001AC10000-0x000000001AD5F000-memory.dmp

Filesize
1.3MB

Download
memory/2644-3-0x000000001AC10000-0x000000001AD5F000-memory.dmp

Filesize
1.3MB

Download
memory/2644-4-0x000000001C340000-0x000000001C48B000-memory.dmp

Filesize
1.3MB

Download
memory/2644-5-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download
memory/2644-6-0x000000001C340000-0x000000001C48B000-memory.dmp

Filesize
1.3MB

Download