Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 10, 2022, 8:05 a.m.	Nov. 10, 2022, 8:07 a.m.

Size	1.3MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`bb8bdb3e8c92e97e2f63626bc3b254c4`
SHA256	`912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9`
CRC32	`D59AFCBF`
ssdeep	`24576:APOLHP7+a2HVvM0UyYG7SbQbcaXjn4Gy5+aYoNEVJEjA3e:APO/4UgOLaz4FQdoNEVmMe`
Yara	Generic_Malware_Zero - Generic Malware Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer UPX_Zero - UPX packed file

1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
1072

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 184 events)

Time & API	Arguments	Status	Return
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: z console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: x console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: g console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: V console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: r console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: B console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: j console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: D console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: E console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: P console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: Y console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: g console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW Nov. 10, 2022, 7:58 a.m.	buffer: i console_handle: 0x000000000000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 10, 2022, 7:58 a.m.		1	1	0

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)

Lionic	Riskware.Win32.Mimikatz.1!c
DrWeb	Tool.Mimikatz.1166
MicroWorld-eScan	Trojan.Agent.FUUJ
CAT-QuickHeal	HackTool.Mimikatz.S13719268
ALYac	Misc.HackTool.Mimikatz
Malwarebytes	Generic.Trojan.Malicious.DDS
Zillya	Trojan.Mimikatz.Win64.510
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005230541 )
Alibaba	Trojan:Win32/Mimikatz.4b2
K7GW	Trojan ( 005230541 )
Cybereason	malicious.e8c92e
VirIT	PUP.Win32.Delpy.B
Cyren	W64/S-b61adc75!Eldorado
Symantec	Hacktool.Mimikatz
Elastic	Windows.Hacktool.Mimikatz
ESET-NOD32	a variant of Win64/Riskware.Mimikatz.G
Paloalto	generic.ml
ClamAV	Win.Dropper.Mimikatz-9778171-1
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Trojan.Agent.FUUJ
ViRobot	HackTool.Mimikatz.1355680
Avast	Win64:Malware-gen
Rising	HackTool.Mimikatz!1.B3A8 (CLASSIC)
Ad-Aware	Trojan.Agent.FUUJ
Emsisoft	Trojan.Agent.FUUJ (B)
Comodo	ApplicUnwnt@#n8us1xaciy0v
VIPRE	Trojan.Agent.FUUJ
TrendMicro	HackTool.Win64.MIMIKATZ.ZTJA
McAfee-GW-Edition	HTool-MimiKatz!BB8BDB3E8C92
FireEye	Generic.mg.bb8bdb3e8c92e97e
Sophos	Mal/Generic-R + ATK/Apteryx-Gen
Ikarus	HackTool.Mimikatz
GData	Trojan.Agent.FUUJ
Jiangmin	Trojan.PSW.Mimikatz.pv
Webroot	W32.Hacktool.Gen
Google	Detected
Avira	HEUR/AGEN.1201775
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.4991
Gridinsoft	Hack.Mimikatz.ka!c
Arcabit	Trojan.Agent.FUUJ
SUPERAntiSpyware	Hack.Tool/Gen-Mimikatz
ZoneAlarm	Trojan-PSW.Win32.Mimikatz.gen
Microsoft	HackTool:Win32/Mimikatz.D
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.RL_Mimikatz.R366782
McAfee	HTool-MimiKatz!BB8BDB3E8C92
VBA32	TrojanPSW.Win64.Mimikatz
Cylance	Unsafe

1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All