Managed XDR

mimikatz.exe (Mimikatz): dynamic analysis report for a malicious file

File information

File name
mimikatz.exe
File type
PE32+ executable (console) x86-64, for MS Windows
File size
1.3 MB
First seen
Last seen

Environment

win7/x64 en

Hashes

SHA1
b4e1a02808a651879ade4f6888a1f294c8506cc6
SHA256
b601a4cf87ac958094379bef73b2dc7afba245d30be963e6b47b139b8ec5f605
MD5
b9ba73891c83daec0f8c01f5824e00b8

Malware

  • Mimikatz

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process
T1550.003 pass_the_ticket: Pass The Ticket is detected

Lateral Movement

T1550.003 pass_the_ticket: Pass The Ticket is detected

Other

yara_rules: Static rules
pe_overlay: PE file contains overlay
