Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 26, 2022, 7:58 a.m.	Aug. 26, 2022, 8:02 a.m.

Size	1020.8KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`605d939941c5df2df5dbfb8ad84cfed4`
SHA256	`66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a`
CRC32	`F619B87D`
ssdeep	`24576:pACriKEO+AC//FSM4HO3+jMGlSKq0enXRxtP8B:91fc1dJ2SKEXk`
Yara	IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer

mim.exe "C:\Users\test22\AppData\Local\Temp\mim.exe"
2432

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 184 events)

Time & API	Arguments	Status	Return
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: k console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: t console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: z console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: x console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: S console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: p console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: V console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: u console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: r console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: B console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: j console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: D console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: E console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: P console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: Y console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: g console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: t console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: l console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: k console_handle: 0x0000000f	1	1
WriteConsoleW Aug. 26, 2022, 7:58 a.m.	buffer: i console_handle: 0x0000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 26, 2022, 7:58 a.m.		1	1	0

File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 events)

Lionic	Riskware.Win32.Mimikatz.1!c
MicroWorld-eScan	Trojan.GenericKD.39822937
CAT-QuickHeal	HackTool.Mimikatz.S13719266
ALYac	Trojan.GenericKD.39822937
Cylance	Unsafe
VIPRE	Trojan.GenericKD.39822937
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 004f0b6d1 )
Alibaba	Trojan:Win32/Mimikatz.4b2
K7GW	Riskware ( 004f0b6d1 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D25FA659
BitDefenderTheta	Gen:NN.ZexaF.34582.@u2@aiJ!Lsdi
VirIT	PUP.Win32.Delpy.B
Cyren	W32/Mimikatz.A.gen!Eldorado
Symantec	Hacktool.Mimikatz
Elastic	Windows.Hacktool.Mimikatz
ESET-NOD32	a variant of Win32/RiskWare.Mimikatz.BC
TrendMicro-HouseCall	HKTL_MIMIKATZ
Paloalto	generic.ml
ClamAV	Win.Dropper.ClipBanker-9778171-0
Kaspersky	Trojan-PSW.Win32.Mimikatz.gen
BitDefender	Trojan.GenericKD.39822937
NANO-Antivirus	Trojan.Win32.Mimikatz.hxnzvn
SUPERAntiSpyware	Hack.Tool/Gen-Mimikatz
Avast	Win32:HacktoolX-gen [Trj]
Tencent	Malware.Win32.Gencirc.10ce32a0
Ad-Aware	Trojan.GenericKD.39822937
Emsisoft	Trojan.GenericKD.39822937 (B)
Comodo	Malware@#3afv56ldzfowu
DrWeb	Tool.Mimikatz.887
Zillya	Tool.Mimikatz.Win32.1637
TrendMicro	HKTL_MIMIKATZ
McAfee-GW-Edition	HTool-Mimikatz
FireEye	Generic.mg.605d939941c5df2d
Sophos	Mal/Generic-R + ATK/Apteryx-Gen
APEX	Malicious
Jiangmin	Trojan.PSW.Mimikatz.cck
Webroot	W32.Hacktool.Gen
Avira	PUA/Mimikatz.AR
Antiy-AVL	Trojan/Generic.ASMalwS.5C42
Kingsoft	Win32.PSWTroj.Mimikatz.g.(kcloud)
Gridinsoft	Hack.Mimikatz.ka!c
Microsoft	HackTool:Win32/Mimikatz.D
ZoneAlarm	HEUR:Trojan-PSW.Win32.Mimikatz.gen
GData	Win32.Riskware.Mimikatz.F
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_Mimikatz.R290617
McAfee	HTool-Mimikatz
MAX	malware (ai score=94)

mim.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All