mimikatz | 8ce074ad76709fb960c570a8e1f347530b3bfe2c7ba726670c4722baa963089c

Resubmissions

17-10-2024 22:24

17-10-2024 22:23

max time kernel
94s
max time network
96s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17-10-2024 22:24

Target

win8http.dll
Size

17KB
MD5

797c4de64422d14ca329306cf17cd962
SHA1

f2ed993ce47476d76c2f39a769ab446cff86ec8d
SHA256

8ce074ad76709fb960c570a8e1f347530b3bfe2c7ba726670c4722baa963089c
SHA512

5a09cd409ae8d15d1b6792a62ad65725502698212551c93dcb3dc6948bfe906cd25e12c9c1ac762351ea8d92ce3195a122a9406782cc2193f38743a60a85ef18
SSDEEP

384:GxCVPmM3fDIEgpbq2Wmfthc5q9QBy53vTaladED:G8wMsXpGKfHCB2dED

Score

10^/10

mimikatz

Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz

mimikatz is an open source tool to dump credentials on Windows 9 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1636-0-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/2392-2-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/4084-4-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/1984-3-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/2144-7-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/4824-8-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/5080-9-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/5080-10-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz
behavioral1/memory/2776-11-0x0000000180000000-0x000000018000E000-memory.dmp	mimikatz

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

cmd.exe

description	pid	Process	procid_target
PID 4592 wrote to memory of 2392	4592	cmd.exe	77
PID 4592 wrote to memory of 2392	4592	cmd.exe	77
PID 4592 wrote to memory of 1984	4592	cmd.exe	80
PID 4592 wrote to memory of 1984	4592	cmd.exe	80
PID 4592 wrote to memory of 4084	4592	cmd.exe	81
PID 4592 wrote to memory of 4084	4592	cmd.exe	81
PID 4592 wrote to memory of 5020	4592	cmd.exe	83
PID 4592 wrote to memory of 5020	4592	cmd.exe	83
PID 4592 wrote to memory of 2144	4592	cmd.exe	84
PID 4592 wrote to memory of 2144	4592	cmd.exe	84
PID 4592 wrote to memory of 4824	4592	cmd.exe	85
PID 4592 wrote to memory of 4824	4592	cmd.exe	85
PID 4592 wrote to memory of 2776	4592	cmd.exe	86
PID 4592 wrote to memory of 2776	4592	cmd.exe	86
PID 4592 wrote to memory of 5080	4592	cmd.exe	89
PID 4592 wrote to memory of 5080	4592	cmd.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll,#1
1⤵
PID:1636

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, aaaaaaaa
  2⤵
  PID:2392
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, #aaaaaaaa
  2⤵
  PID:1984
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, #6
  2⤵
  PID:4084
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, #1
  2⤵
  PID:5020
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, #2
  2⤵
  PID:2144
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, #3
  2⤵
  PID:4824
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, #4
  2⤵
  PID:2776
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\win8http.dll, #5
  2⤵
  PID:5080

memory/1636-0-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/1984-3-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/2144-7-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/2392-1-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/2392-2-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/2776-11-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/4084-4-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/4824-8-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/5080-9-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download
memory/5080-10-0x0000000180000000-0x000000018000E000-memory.dmp

Filesize
56KB

Download