mimikatz | 272617b0f5f79acea69bde9bcd92588a5f293da2c792aae9a212c38e66f066b1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/04/2024, 23:40

Target

03e3fcf6afccec35db328fbdff6c7339_JaffaCakes118.exe
Size

1.4MB
MD5

03e3fcf6afccec35db328fbdff6c7339
SHA1

98d5cfaa8681697e650fbca0a0453dff2bd8866e
SHA256

272617b0f5f79acea69bde9bcd92588a5f293da2c792aae9a212c38e66f066b1
SHA512

b015bc457ec643accf48443103f691e162e90ef65a24d2cee6f54c5e7405f16fccad068d9c84bddffa4dba641c5b80a956b1041f456b8b1a51b4ceeaef235698
SSDEEP

24576:6onfrtbjl4mcnx7tLTWGpXbcvk7LDCI4bUEVT06+IPrZ:6o52mcXEUaeEo6

Score

10^/10

mimikatz

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 2 IoCs

resource	yara_rule
behavioral1/memory/2080-0-0x0000000003080000-0x0000000003138000-memory.dmp	mimikatz
behavioral1/memory/2080-8-0x0000000002EA0000-0x0000000002F51000-memory.dmp	mimikatz

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2080	03e3fcf6afccec35db328fbdff6c7339_JaffaCakes118.exe
2080	03e3fcf6afccec35db328fbdff6c7339_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\03e3fcf6afccec35db328fbdff6c7339_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03e3fcf6afccec35db328fbdff6c7339_JaffaCakes118.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2080

memory/2080-0-0x0000000003080000-0x0000000003138000-memory.dmp

Filesize
736KB

Download
memory/2080-8-0x0000000002EA0000-0x0000000002F51000-memory.dmp

Filesize
708KB

Download