Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-11-2024 22:09

General

  • Target

    mimikatz-master/Win32/mimidrv.sys

  • Size

    28KB

  • MD5

    49518f7375a5f995ebe9423d8f19cfe4

  • SHA1

    46c9a474a1a62c25a05bc7661b75a80b471616e6

  • SHA256

    a0931e16cf7b18d15579e36e0a69edad1717b07527b5407f2c105a2f554224b2

  • SHA512

    63236cc2b517552ea4e5c8211b2cba5c36f50d40a01c97488f8234a28bc212cdb83e95d1e829b591ff1cb4d4f3bd79a79a0e32aca7cb73077f80fb6d14a55e7f

  • SSDEEP

    384:ji91BwAaJmCH6wseck/+5f2AWyzJJ5cF/7fZ+B8YluynVYEH5C+vdUb+se:jiHyA4sLMyNJ5+zfZ+B8YluyVHZC5ise

Score
10/10

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

  • Mimikatz family

    mimikatz is an open source tool to dump credentials on Windows (1 IoC).

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mimikatz-master\Win32\mimidrv.sys
    PID:4808
    • C:\Users\Admin\AppData\Local\Temp\mimikatz-master\Win32\mimidrv.sys
      C:\Users\Admin\AppData\Local\Temp\mimikatz-master\Win32\mimidrv.sys
      PID:3468

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3468-0-0x0000000000010000-0x000000000001B000-memory.dmp

    Filesize

    44KB