Managed XDR

mimikatz.exe (Mimikatz) — malware analysis report

File info

Filename: mimikatz.exe
File type: PE32+ executable (console) x86-64, for MS Windows
File size: 1.3 MB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1: b4e1a02808a651879ade4f6888a1f294c8506cc6
SHA256: b601a4cf87ac958094379bef73b2dc7afba245d30be963e6b47b139b8ec5f605
MD5: b9ba73891c83daec0f8c01f5824e00b8

Malwares

  • Mimikatz

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1550.003 pass_the_ticket: Pass The Ticket is detected
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Lateral Movement

T1550.003 pass_the_ticket: Pass The Ticket is detected

Other

yara_rules: Static rules
pe_overlay: PE file contains overlay
