Overview

overview

10

Static

static

10

Win32/kappfree.dll

windows7-x64

3

Win32/kappfree.dll

windows10-2004-x64

3

Win32/kelloworld.dll

windows7-x64

3

Win32/kelloworld.dll

windows10-2004-x64

3

Win32/klock.dll

windows7-x64

3

Win32/klock.dll

windows10-2004-x64

3

Win32/mimikatz.exe

windows7-x64

3

Win32/mimikatz.exe

windows10-2004-x64

3

Win32/mimikatz.sys

windows7-x64

10

Win32/mimikatz.sys

windows10-2004-x64

10

Win32/sekurlsa.dll

windows7-x64

3

Win32/sekurlsa.dll

windows10-2004-x64

3

tools/PsExec.exe

windows7-x64

3

tools/PsExec.exe

windows10-2004-x64

3

tools/tee.exe

windows7-x64

1

tools/tee.exe

windows10-2004-x64

3

tools/winmine.exe

windows7-x64

3

tools/winmine.exe

windows10-2004-x64

3

x64/kappfree.dll

windows7-x64

1

x64/kappfree.dll

windows10-2004-x64

1

x64/kelloworld.dll

windows7-x64

1

x64/kelloworld.dll

windows10-2004-x64

1

x64/klock.dll

windows7-x64

1

x64/klock.dll

windows10-2004-x64

1

x64/mimikatz.exe

windows7-x64

1

x64/mimikatz.exe

windows10-2004-x64

1

x64/mimikatz.sys

windows7-x64

10

x64/mimikatz.sys

windows10-2004-x64

10

x64/sekurlsa.dll

windows7-x64

1

x64/sekurlsa.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-10-2024 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Win32/mimikatz.sys

  • Size

    24KB

  • MD5

    d35240aef54b69c2bb5c9484cd61f37e

  • SHA1

    6d4203dbddfb89654ea41e44b03b66d05f178a14

  • SHA256

    4b617b1857645ec79b36086e2aff00dd010c14b6ebdd05718bc1a645dd2d0768

  • SHA512

    0f720e185a4e61752c3bd07179411f37e6dc463fb69484669bd841905732ea2fb4292b997619cac42104bfd746e1e3c3a1146e3eaf3ab855989338adaaa2fe4d

  • SSDEEP

    384:v0cjt6CvnrHAXszaGH/DMYFUi9DnbR7yzPFe++m8pK5+znVYEH9dUb+o7BoLms:NtdrH4QfByJedmg4+zVHkio7BoLms

Score
10/10
mimikatz

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Win32\mimikatz.sys
    1⤵
      PID:2192
      • C:\Users\Admin\AppData\Local\Temp\Win32\mimikatz.sys
        C:\Users\Admin\AppData\Local\Temp\Win32\mimikatz.sys
        2⤵
          PID:2956

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2956-0-0x0000000000010000-0x0000000000019000-memory.dmp

        Filesize

        36KB

        Download