Overview

overview

10

Static

static

10

mimi.zip

windows7-x64

1

mimi.zip

windows10-2004-x64

1

home/macie...rv.sys

windows7-x64

10

home/macie...rv.sys

windows10-2004-x64

10

home/macie...tz.exe

windows7-x64

3

home/macie...tz.exe

windows10-2004-x64

3

home/macie...ib.dll

windows7-x64

3

home/macie...ib.dll

windows10-2004-x64

3

home/macie...ve.exe

windows7-x64

3

home/macie...ve.exe

windows10-2004-x64

3

home/macie...ol.dll

windows7-x64

3

home/macie...ol.dll

windows10-2004-x64

3

home/macie...ds.yar

windows7-x64

3

home/macie...ds.yar

windows10-2004-x64

3

home/macie...om.idl

windows7-x64

3

home/macie...om.idl

windows10-2004-x64

3

home/macie...rv.sys

windows7-x64

10

home/macie...rv.sys

windows10-2004-x64

10

home/macie...tz.exe

windows7-x64

1

home/macie...tz.exe

windows10-2004-x64

1

home/macie...ib.dll

windows7-x64

1

home/macie...ib.dll

windows10-2004-x64

1

home/macie...ol.dll

windows7-x64

1

home/macie...ol.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/01/2025, 13:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    home/maciek/mimikatz/x64/mimidrv.sys

  • Size

    36KB

  • MD5

    c94de9019767a79573b25c870936d9a8

  • SHA1

    c66a1c6fbeacaf2db288bff8c064dfe775fd1508

  • SHA256

    bee3d0ac0967389571ea8e3a8c0502306b3dbf009e8155f00a2829417ac079fc

  • SHA512

    e8b712a0b0b65520ec17e5576fe1c7c61a2a2a13502f9626625ef4b988b84178f68c0ca2337e2d766e42c19a681a7df41de3faef950ab0698139b89463ec2031

  • SSDEEP

    768:APVvAF3Sz0Kp4TC/ndBW8ipSfnA+vl1qlCGB8zlu0xVHZC5isB:0VvPz0K3AmDlQlHB8zl9xJwisB

Score
10/10
mimikatz

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • Mimikatz family
    mimikatz
  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\home\maciek\mimikatz\x64\mimidrv.sys
    1⤵
      PID:1128
      • C:\Users\Admin\AppData\Local\Temp\home\maciek\mimikatz\x64\mimidrv.sys
        C:\Users\Admin\AppData\Local\Temp\home\maciek\mimikatz\x64\mimidrv.sys
        2⤵
          PID:1156

      Network

      • flag-us
        DNS
        73.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        205.47.74.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        205.47.74.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        200.163.202.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.163.202.172.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        43.229.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        43.229.111.52.in-addr.arpa
        IN PTR
        Response
      No results found
      • 8.8.8.8:53
        73.159.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        73.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        205.47.74.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        205.47.74.20.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        200.163.202.172.in-addr.arpa
        dns
        74 B
         160 B
         1
        1

        DNS Request

        200.163.202.172.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        210 B
         144 B
         3
        1

        DNS Request

        18.31.95.13.in-addr.arpa

        DNS Request

        18.31.95.13.in-addr.arpa

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        43.229.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        43.229.111.52.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1156-0-0x0000000000010000-0x000000000001E000-memory.dmp

        Filesize

        56KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.