Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-11-2024 15:37

General

  • Target

    test.exe

  • Size

    7.6MB

  • MD5

    7a43dc90a23fc14eced70881471821b6

  • SHA1

    ce9d907962d87dff5842923930bac30f6cecb318

  • SHA256

    939c4bd2c4468053da289d965da7e91609a4c18f3548cd8457128deb34a907a8

  • SHA512

    fefef51a0103d5209781b90262a9e43fd083d952b7f779d6cc0dc7bda713afe2eb021f2080835259fb72e1dcea5e8ae0a60d414a2d0c8e17a20954abe080308e

  • SSDEEP

    196608:4SjsokiY8XMCHGLLc54i1wN+lPIcu9KYK39sI3PPJNMRRccx:LYXoXMCHWUjqcuI3/PJNe

Score
10/10

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

  • Mimikatz family
  • mimikatz is an open source tool to dump credentials on Windows (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\test.exe
    "C:\Users\Admin\AppData\Local\Temp\test.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Users\Admin\AppData\Local\Temp\test.exe
      "C:\Users\Admin\AppData\Local\Temp\test.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4800
      • C:\Users\Admin\Downloads\mimikatz.exe
        C:\Users\Admin\Downloads\mimikatz.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1772

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\VCRUNTIME140.dll

    Filesize

    117KB

    MD5

    862f820c3251e4ca6fc0ac00e4092239

    SHA1

    ef96d84b253041b090c243594f90938e9a487a9a

    SHA256

    36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

    SHA512

    2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\_bz2.pyd

    Filesize

    82KB

    MD5

    cb8c06c8fa9e61e4ac5f22eebf7f1d00

    SHA1

    d8e0dfc8127749947b09f17c8848166bac659f0d

    SHA256

    fc3b481684b926350057e263622a2a5335b149a0498a8d65c4f37e39dd90b640

    SHA512

    e6da642b7200bfb78f939f7d8148581259baa9a5edda282c621d14ba88083a9b9bd3d17b701e9cde77ad1133c39bd93fc9d955bb620546bb4fcf45c68f1ec7d6

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\_decimal.pyd

    Filesize

    271KB

    MD5

    f3377f3de29579140e2bbaeefd334d4f

    SHA1

    b3076c564dbdfd4ca1b7cc76f36448b0088e2341

    SHA256

    b715d1c18e9a9c1531f21c02003b4c6726742d1a2441a1893bc3d79d7bb50e91

    SHA512

    34d9591590bba20613691a5287ef329e5927a58127ce399088b4d68a178e3af67159a8fc55b4fcdcb08ae094753b20dec2ac3f0b3011481e4ed6f37445cecdd5

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\_hashlib.pyd

    Filesize

    62KB

    MD5

    32d76c9abd65a5d2671aeede189bc290

    SHA1

    0d4440c9652b92b40bb92c20f3474f14e34f8d62

    SHA256

    838d5c8b7c3212c8429baf612623abbbc20a9023eec41e34e5461b76a285b86c

    SHA512

    49dc391f4e63f4ff7d65d6fd837332745cc114a334fd61a7b6aa6f710b235339964b855422233fac4510ccb9a6959896efe880ab24a56261f78b2a0fd5860cd9

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\_lzma.pyd

    Filesize

    154KB

    MD5

    1ba022d42024a655cf289544ae461fb8

    SHA1

    9772a31083223ecf66751ff3851d2e3303a0764c

    SHA256

    d080eabd015a3569813a220fd4ea74dff34ed2a8519a10473eb37e22b1118a06

    SHA512

    2b888a2d7467e29968c6bb65af40d4b5e80722ffdda760ad74c912f3a2f315d402f3c099fde82f00f41de6c9faaedb23a643337eb8821e594c567506e3464c62

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\_socket.pyd

    Filesize

    81KB

    MD5

    fe896371430bd9551717ef12a3e7e818

    SHA1

    e2a7716e9ce840e53e8fc79d50a77f40b353c954

    SHA256

    35246b04c6c7001ca448554246445a845ce116814a29b18b617ea38752e4659b

    SHA512

    67ecd9a07df0a07edd010f7e3732f3d829f482d67869d6bce0c9a61c24c0fdc5ff4f4e4780b9211062a6371945121d8883ba2e9e2cf8eb07b628547312dfe4c9

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\base_library.zip

    Filesize

    1.3MB

    MD5

    a9cbd0455b46c7d14194d1f18ca8719e

    SHA1

    e1b0c30bccd9583949c247854f617ac8a14cbac7

    SHA256

    df6c19637d239bfedc8cd13d20e0938c65e8fdf340622ff334db533f2d30fa19

    SHA512

    b92468e71490a8800e51410df7068dd8099e78c79a95666ecf274a9e9206359f049490b8f60b96081fafd872ec717e67020364bcfa972f26f0d77a959637e528

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\libcrypto-3.dll

    Filesize

    5.0MB

    MD5

    123ad0908c76ccba4789c084f7a6b8d0

    SHA1

    86de58289c8200ed8c1fc51d5f00e38e32c1aad5

    SHA256

    4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

    SHA512

    80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\python313.dll

    Filesize

    5.8MB

    MD5

    b9de917b925dd246b709bb4233777efd

    SHA1

    775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2

    SHA256

    0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99

    SHA512

    f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\select.pyd

    Filesize

    30KB

    MD5

    20831703486869b470006941b4d996f2

    SHA1

    28851dfd43706542cd3ef1b88b5e2749562dfee0

    SHA256

    78e5994c29d8851f28b5b12d59d742d876683aea58eceea1fb895b2036cdcdeb

    SHA512

    4aaf5d66d2b73f939b9a91e7eddfeb2ce2476c625586ef227b312230414c064aa850b02a4028363aa4664408c9510594754530a6d026a0a84be0168d677c1bc4

  • C:\Users\Admin\AppData\Local\Temp\_MEI25882\unicodedata.pyd

    Filesize

    693KB

    MD5

    0902d299a2a487a7b0c2d75862b13640

    SHA1

    04bcbd5a11861a03a0d323a8050a677c3a88be13

    SHA256

    2693c7ee4fba55dc548f641c0cb94485d0e18596ffef16541bd43a5104c28b20

    SHA512

    8cbef5a9f2d24da1014f8f1ccbddd997a084a0b04dd56bcb6ac38ddb636d05ef7e4ea7f67a085363aad3f43d45413914e55bdef14a662e80be955e6dfc2feca3

  • C:\Users\Admin\Downloads\mimikatz.exe

    Filesize

    1.2MB

    MD5

    e930b05efe23891d19bc354a4209be3e

    SHA1

    d1f7832035c3e8a73cc78afd28cfd7f4cece6d20

    SHA256

    92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50

    SHA512

    a7a59176ca275d5d5ea6547108907bbe8ddbf3489308b3d6efe571b685de7e6263d36d6580abe9587a7f77adc22d3b7b164ad42845b6c110b794eaba7ab47ec6