mimikatz | 75a9eaac69de6320073f3efc138df92dff21360b4f377e0e951e22085bc4787f

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 14:36

Target

af9c2a14ace680f056d23e2f5c16964d_JaffaCakes118.exe
Size

753KB
MD5

af9c2a14ace680f056d23e2f5c16964d
SHA1

37a24b202a3932f8e723bd29909395c07dfdcbeb
SHA256

75a9eaac69de6320073f3efc138df92dff21360b4f377e0e951e22085bc4787f
SHA512

bedec8539f6e183740ca25c0a4bc38ee3f6fb4ffc32cd952ef50f4422182dede16bc8b3dedefaf8efaea244bf1abbc63d823d10e657d2a092a5e368c934aa989
SSDEEP

12288:OZa8Hq8xXV4o5meo/ohjvfndGuGJkdQoIrQMJR52IO4n9enNYozj+J/ajcoXWnk:OI8vxFX5iudjPK80RUxNZzW/aVGk

Score

10^/10

mimikatz

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 2 IoCs

resource	yara_rule
behavioral1/memory/2676-2-0x00000000023C0000-0x000000000250B000-memory.dmp	mimikatz
behavioral1/memory/2676-4-0x00000000023C0000-0x000000000250B000-memory.dmp	mimikatz

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
2676	af9c2a14ace680f056d23e2f5c16964d_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\af9c2a14ace680f056d23e2f5c16964d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af9c2a14ace680f056d23e2f5c16964d_JaffaCakes118.exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:2676

memory/2676-0-0x0000000000620000-0x00000000006C3000-memory.dmp

Filesize
652KB

Download
memory/2676-1-0x0000000000620000-0x00000000006C3000-memory.dmp

Filesize
652KB

Download
memory/2676-2-0x00000000023C0000-0x000000000250B000-memory.dmp

Filesize
1.3MB

Download
memory/2676-3-0x0000000000400000-0x00000000004C3000-memory.dmp

Filesize
780KB

Download
memory/2676-4-0x00000000023C0000-0x000000000250B000-memory.dmp

Filesize
1.3MB

Download