Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 3, 2021, 7:36 a.m.	June 3, 2021, 7:37 a.m.

Size	1.3MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`8d0a0f482090df08b986c7389c1401c2`
SHA256	`3e02e94e3ecb5d77415c25ee7ecece24953b4d7bd21bf9f9e3413ffbdad472d2`
CRC32	`F255ADC6`
ssdeep	`24576:mAyji7jTOAINRX6b0kKJIPn7DLHbJkejwtsMn+0UHbwW1FzRkUNpXg:mAyjiKOK6nHhfstsuEHhFzR/Dg`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen

mimikatz.exe "C:\Users\test22\AppData\Local\Temp\mimikatz.exe"
4208

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 184 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: z console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: x console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: M console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: y console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: V console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: r console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: B console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: j console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: D console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: E console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: P console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: Y console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: g console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW June 3, 2021, 7:28 a.m.	buffer: i console_handle: 0x000000000000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 3, 2021, 7:28 a.m.		1	1	0

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Heur.Mimikatz.1
FireEye	Generic.mg.8d0a0f482090df08
CAT-QuickHeal	HackTool.Mimikatz.S13719268
K7AntiVirus	Hacktool ( 0043c1591 )
Alibaba	RiskWare:Win64/Mimikatz.482a83d4
K7GW	Hacktool ( 0043c1591 )
Cybereason	malicious.82090d
Cyren	W64/S-b61adc75!Eldorado
Symantec	Hacktool.Mimikatz
ESET-NOD32	a variant of Win64/Riskware.Mimikatz.G
APEX	Malicious
Avast	Win64:MiscX-gen [PUP]
ClamAV	Win.Trojan.Mimikatz-6466236-0
Kaspersky	HEUR:Trojan-PSW.Win64.Mimikatz.gen
BitDefender	Gen:Heur.Mimikatz.1
Tencent	Trojan.Win64.Mimikatz.a
Sophos	Troj/Mimkatz-T
TrendMicro	HKTL_MIMIKATZ64
McAfee-GW-Edition	HTool-MimiKatz!8D0A0F482090
Emsisoft	Gen:Heur.Mimikatz.1 (B)
Ikarus	HackTool.Mimikatz
Jiangmin	HackTool.Mimikatz.fr
Avira	HEUR/AGEN.1127008
Gridinsoft	Hack.Mimikatz.ka!c
Microsoft	HackTool:Win32/Mimikatz.D
GData	Gen:Heur.Mimikatz.1
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win64.Mimikatz.R348743
McAfee	HTool-MimiKatz!8D0A0F482090
MAX	malware (ai score=88)
Malwarebytes	Generic.Trojan.Malicious.DDS
TrendMicro-HouseCall	HKTL_MIMIKATZ64
Rising	HackTool.Mimikatz!1.B3A8 (CLOUD)
SentinelOne	Static AI - Malicious PE
eGambit	hacktool.mimikatz
Fortinet	Riskware/Mimikatz
AVG	Win64:MiscX-gen [PUP]
Panda	HackingTool/Mimikatz
CrowdStrike	win/malicious_confidence_90% (W)

mimikatz.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All