mimikatz | 408404f08c3ab73ee5efb9ae82fa457c990c91c200d95a79f842e932683a0dc6

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31a4268c851c99e79ad5ed15b7337acc_JaffaCakes118.exe
Size

5.7MB
MD5

31a4268c851c99e79ad5ed15b7337acc
SHA1

d2b622128533893f13cce1574fda083d8ed4cda9
SHA256

408404f08c3ab73ee5efb9ae82fa457c990c91c200d95a79f842e932683a0dc6
SHA512

9cb4aab0b30f05975096873a808775672aca603218fcb8a5b90784b40b5dc41ce374c7700cb870c5b74532083bdc00cb6629eb7e786687525a0d5f1343473dc8
SSDEEP

98304:V7OK0VizaeAF+2yRueiSRP88I5gspvWJPIsX+2hH4qdu1sh5Bjw1AT:V7ODViGeAFDyRovAPGCvdr5Bjw1AT

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 3 IoCs

resource	yara_rule
behavioral1/memory/332-88-0x0000000000400000-0x0000000000E13000-memory.dmp	mimikatz
behavioral1/memory/332-90-0x0000000000400000-0x0000000000E13000-memory.dmp	mimikatz
behavioral1/memory/332-91-0x0000000000400000-0x0000000000E13000-memory.dmp	mimikatz

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
332	31a4268c851c99e79ad5ed15b7337acc_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
332	31a4268c851c99e79ad5ed15b7337acc_JaffaCakes118.exe
332	31a4268c851c99e79ad5ed15b7337acc_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\31a4268c851c99e79ad5ed15b7337acc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\31a4268c851c99e79ad5ed15b7337acc_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/332-0-0x00000000004F3000-0x0000000000855000-memory.dmp

Filesize
3.4MB

Download
memory/332-63-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/332-88-0x0000000000400000-0x0000000000E13000-memory.dmp

Filesize
10.1MB

Download
memory/332-61-0x0000000000E40000-0x0000000000E41000-memory.dmp

Filesize
4KB

Download
memory/332-60-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/332-58-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/332-56-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/332-55-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/332-53-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/332-51-0x0000000000E20000-0x0000000000E21000-memory.dmp

Filesize
4KB

Download
memory/332-50-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/332-48-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/332-46-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/332-45-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/332-43-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/332-41-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/332-40-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/332-38-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/332-36-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/332-35-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/332-33-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/332-31-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/332-30-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/332-28-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/332-26-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/332-25-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/332-23-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/332-21-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/332-20-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/332-18-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/332-16-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/332-15-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/332-13-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/332-11-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/332-10-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/332-8-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/332-6-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/332-5-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/332-3-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/332-1-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/332-90-0x0000000000400000-0x0000000000E13000-memory.dmp

Filesize
10.1MB

Download
memory/332-91-0x0000000000400000-0x0000000000E13000-memory.dmp

Filesize
10.1MB

Download
memory/332-92-0x00000000004F3000-0x0000000000855000-memory.dmp

Filesize
3.4MB

Download