Detecting In-Memory Mimikatz - Security Risk Advisors
Tags
| attack-pattern: | Rundll32 - T1218.011 Tool - T1588.002 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | cc3e70a9-0459-460b-bf0f-0d0a45b12f50 |
| Fingerprint | afb199b72db18193 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 16, 2016, 10:25 p.m. |
| Added to db | Jan. 18, 2023, 9:41 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Detecting In-Memory Mimikatz |
| Title | Detecting In-Memory Mimikatz - Security Risk Advisors |
| Detected Hints/Tags/Attributes | 26/1/14 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://securityriskadvisors.com/blog/post/detecting-in-memory-mimikatz/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 4 | ntdsapi.dll |
|
| Details | File | 59 | netapi32.dll |
|
| Details | File | 16 | imm32.dll |
|
| Details | File | 14 | samlib.dll |
|
| Details | File | 21 | combase.dll |
|
| Details | File | 4 | srvcli.dll |
|
| Details | File | 10 | shcore.dll |
|
| Details | File | 1 | ntasn1.dll |
|
| Details | File | 14 | cryptdll.dll |
|
| Details | File | 7 | logoncli.dll |
|
| Details | File | 23 | vaultcli.dll |
|
| Details | File | 12 | wlanapi.dll |
|
| Details | File | 13 | mimidrv.sys |