Overview

overview

10

Static

static

3

dcb3ab43a6...80.exe

windows7-x64

1

dcb3ab43a6...80.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-10-2024 16:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcb3ab43a6ea430667bd1b5283ef0db79b2349031c0e91b3b4e1403b24c98d80.exe

  • Size

    1.6MB

  • MD5

    9ff9e0b9601d48a256409e5831a086be

  • SHA1

    b004eb0dae356da360b3efe55c8b281e0dc93b64

  • SHA256

    dcb3ab43a6ea430667bd1b5283ef0db79b2349031c0e91b3b4e1403b24c98d80

  • SHA512

    da597b90a515a538a29519e7491afb270f3b32157a5fc289467198c0836436acda056ae27969e56f83462d6fa20aa3e24348bd462e39e73d50b50328bc302f1d

  • SSDEEP

    6144:6VXtCGgA9T7uUVaIvbXCRxo2HHVKwIsgKNEYcevyODHqwsfPuu4TJ+voESuxDnxS:6VW+mu3wpgFl+98rOJx

Score
10/10
mimikatz

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • Mimikatz family
    mimikatz
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Suspicious use of SetThreadContext 5 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 56 IoCs

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:664
  • C:\Windows\sysmon.exe
    C:\Windows\sysmon.exe
    1⤵
      PID:2572
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:3424
        • C:\Users\Admin\AppData\Local\Temp\dcb3ab43a6ea430667bd1b5283ef0db79b2349031c0e91b3b4e1403b24c98d80.exe
          "C:\Users\Admin\AppData\Local\Temp\dcb3ab43a6ea430667bd1b5283ef0db79b2349031c0e91b3b4e1403b24c98d80.exe"
          2⤵
            PID:3436
            • C:\Windows\System32\werfault.exe
              \??\C:\Windows\System32\werfault.exe
              3⤵
              • Suspicious use of SetThreadContext
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2944
              • C:\Windows\system32\rundll32.exe
                C:\Windows\system32\rundll32.exe
                4⤵
                • Suspicious use of WriteProcessMemory
                PID:3932
                • C:\Windows\system32\ipconfig.exe
                  "C:\Windows\system32\ipconfig.exe" /all
                  5⤵
                  • Gathers network information
                  PID:1316
              • C:\Windows\system32\rundll32.exe
                C:\Windows\system32\rundll32.exe
                4⤵
                  PID:4752
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /C set
                  4⤵
                    PID:1700
                  • C:\Windows\system32\rundll32.exe
                    C:\Windows\system32\rundll32.exe
                    4⤵
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3808
                  • C:\Windows\system32\rundll32.exe
                    C:\Windows\system32\rundll32.exe
                    4⤵
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2996
                  • C:\Windows\system32\rundll32.exe
                    C:\Windows\system32\rundll32.exe
                    4⤵
                      PID:1180
              • C:\Windows\system32\backgroundTaskHost.exe
                "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
                1⤵
                  PID:2460
                • C:\Windows\system32\BackgroundTransferHost.exe
                  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
                  1⤵
                    PID:4504

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/664-30-0x000002799F950000-0x000002799F951000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/1180-32-0x000001C34E790000-0x000001C34E7C1000-memory.dmp

                    Filesize

                    196KB

                    Download

                  • memory/2944-1-0x0000014C11110000-0x0000014C1115C000-memory.dmp

                    Filesize

                    304KB

                    Download

                  • memory/2944-2-0x0000014C11400000-0x0000014C11458000-memory.dmp

                    Filesize

                    352KB

                    Download

                  • memory/2944-3-0x0000014C11400000-0x0000014C11458000-memory.dmp

                    Filesize

                    352KB

                    Download

                  • memory/2996-28-0x000001D08CE70000-0x000001D08CE85000-memory.dmp

                    Filesize

                    84KB

                    Download

                  • memory/3424-41-0x00000000030C0000-0x00000000030D9000-memory.dmp

                    Filesize

                    100KB

                    Download

                  • memory/3424-40-0x0000000002A20000-0x0000000002A35000-memory.dmp

                    Filesize

                    84KB

                    Download

                  • memory/3436-0-0x00007FFD65870000-0x00007FFD65A65000-memory.dmp

                    Filesize

                    2.0MB

                    Download

                  • memory/3808-26-0x000001C4C1510000-0x000001C4C155D000-memory.dmp

                    Filesize

                    308KB

                    Download

                  • memory/3932-27-0x00007FFD45615000-0x00007FFD45616000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3932-11-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/3932-12-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/3932-13-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/3932-4-0x0000019681600000-0x0000019681622000-memory.dmp

                    Filesize

                    136KB

                    Download

                  • memory/3932-5-0x00000196818C0000-0x00000196818E6000-memory.dmp

                    Filesize

                    152KB

                    Download

                  • memory/3932-6-0x00000196818C0000-0x00000196818E6000-memory.dmp

                    Filesize

                    152KB

                    Download

                  • memory/3932-25-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/3932-7-0x00007FFD45615000-0x00007FFD45616000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/3932-29-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/3932-21-0x00000196818C0000-0x00000196818E6000-memory.dmp

                    Filesize

                    152KB

                    Download

                  • memory/3932-8-0x0000019681D10000-0x0000019681D18000-memory.dmp

                    Filesize

                    32KB

                    Download

                  • memory/3932-9-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/3932-10-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4752-17-0x00007FFD45615000-0x00007FFD45616000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4752-24-0x0000022A7B310000-0x0000022A7B336000-memory.dmp

                    Filesize

                    152KB

                    Download

                  • memory/4752-23-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4752-20-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4752-22-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4752-19-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4752-18-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4752-16-0x0000022A7B310000-0x0000022A7B336000-memory.dmp

                    Filesize

                    152KB

                    Download

                  • memory/4752-38-0x0000022A7B310000-0x0000022A7B336000-memory.dmp

                    Filesize

                    152KB

                    Download

                  • memory/4752-39-0x00007FFD45360000-0x00007FFD45D01000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/4752-15-0x0000022A7B310000-0x0000022A7B336000-memory.dmp

                    Filesize

                    152KB

                    Download

                  • memory/4752-14-0x0000022A7B050000-0x0000022A7B072000-memory.dmp

                    Filesize

                    136KB

                    Download