Overview

overview

10

Static

static

3

c4c047d46e...dN.exe

windows7-x64

1

c4c047d46e...dN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    102s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2024 08:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4c047d46e14e496373beddcfd45874751b18c6c2d95786c1609a59d5a79999dN.exe

  • Size

    119KB

  • MD5

    c37503702ee2ab9a44bee186a6b7f310

  • SHA1

    694e7b050c6ee7a837ff5ee2a7f14925bb081b41

  • SHA256

    c4c047d46e14e496373beddcfd45874751b18c6c2d95786c1609a59d5a79999d

  • SHA512

    242ac222e3d6ff31e83383f105e13877b4c9752183bbf6197160130da686f0efdae7096f95e07ddd696609d5465189d705512be3b6fe3cf4ec596ee0031ca764

  • SSDEEP

    3072:axoZ8Fwzfb1wKTY1FDM0dIhEVE6QopA66SOIl17QTmILem8SyIDRBFycRTA:EopSOIL7QTmiL8Slx

Score
10/10
mimikatz

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • Mimikatz family
    mimikatz
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4c047d46e14e496373beddcfd45874751b18c6c2d95786c1609a59d5a79999dN.exe
    "C:\Users\Admin\AppData\Local\Temp\c4c047d46e14e496373beddcfd45874751b18c6c2d95786c1609a59d5a79999dN.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4956-0-0x00007FFDBCE03000-0x00007FFDBCE05000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-1-0x00000204A17C0000-0x00000204A17E2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4956-2-0x00007FFDBCE00000-0x00007FFDBD8C1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4956-3-0x00007FFDBCE03000-0x00007FFDBCE05000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4956-4-0x00007FFDBCE00000-0x00007FFDBD8C1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4956-5-0x00000204BC2F0000-0x00000204BC43F000-memory.dmp

    Filesize

    1.3MB

    Download