Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 4, 2023, 6 p.m.	Dec. 4, 2023, 6:02 p.m.

Size	1.0MB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`d3b17ddf0b98fd2441ed46b033043456`
SHA256	`94795fd89366e01bd6ce6471ff27c3782e2e16377a848426cf0b2e6baee9449b`
CRC32	`97E1FFE0`
ssdeep	`24576:uiDjF7X3YoGq4tC1YJk+3nWBkDeq26iLutKcEY4:u05YjqakE3Aq2vu7E`
Yara	IsPE32 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware

1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
1872

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 184 events)

Time & API	Arguments	Status	Return
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: k console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: t console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: z console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: x console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: S console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: p console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: V console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: u console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: r console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: B console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: j console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: D console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: E console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: P console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: Y console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: g console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: t console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: l console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: k console_handle: 0x0000000f	1	1
WriteConsoleW Dec. 4, 2023, 6 p.m.	buffer: i console_handle: 0x0000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 4, 2023, 6 p.m.		1	1	0

File has been identified by 63 AntiVirus engines on VirusTotal as malicious (50 out of 63 events)

Bkav	W32.Common.83A3D373
Lionic	Trojan.Win32.Mimikatz.i!c
DrWeb	Tool.Mimikatz.1231
MicroWorld-eScan	Trojan.Mimikatz.B
FireEye	Generic.mg.d3b17ddf0b98fd24
CAT-QuickHeal	HackTool.Mimikatz.S13719266
Skyhigh	BehavesLike.Win32.HToolMimikatz.th
McAfee	HTool-Mimikatz
Malwarebytes	Mimikatz.Spyware.Stealer.DDS
Zillya	Trojan.Mimikatz.Win32.1772
Sangfor	HackTool.Win64.Mimikatz.uwccg
K7AntiVirus	Riskware ( 0057fd7a1 )
Alibaba	TrojanPSW:Win32/Mimikatz.ca248c9f
K7GW	Riskware ( 0057fd7a1 )
BitDefenderTheta	Gen:NN.ZexaF.36608.cv0@a0UVOlli
VirIT	Trojan.Win32.Genus.RTZ
Symantec	Hacktool.Mimikatz
Elastic	Windows.Hacktool.Mimikatz
ESET-NOD32	a variant of Win32/RiskWare.Mimikatz.BC
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Trojan-PSW.Win32.Mimikatz.gen
BitDefender	Trojan.Mimikatz.B
NANO-Antivirus	Trojan.Win32.Mimikatz.jsrits
SUPERAntiSpyware	Trojan.Agent/Gen-Mimikatz
Avast	Win32:HacktoolX-gen [Trj]
Tencent	Malware.Win32.Gencirc.13f73dc6
TACHYON	Trojan-PWS/W32.Mimikatz.1084416
Emsisoft	Trojan.Mimikatz.B (B)
F-Secure	Trojan.TR/AD.Mimikatz.zuzcj
VIPRE	Trojan.Mimikatz.B
TrendMicro	HackTool.Win32.Mimikatz.CNGG
Trapmine	malicious.high.ml.score
Sophos	ATK/Apteryx-Gen
SentinelOne	Static AI - Malicious PE
GData	Trojan.Mimikatz.B
Jiangmin	Trojan.PSW.Mimikatz.dsg
Webroot	W32.Hacktool.Gen
Google	Detected
Avira	TR/AD.Mimikatz.zuzcj
Antiy-AVL	RiskWare/Win32.Mimikatz
Kingsoft	Win32.PSWTroj.Undef.a
Gridinsoft	Risk.Win32.Mimikatz.bot
Xcitium	ApplicUnwnt@#1rkmtnixm7hy6
Arcabit	Trojan.Mimikatz.B
ViRobot	HackTool.S.Mimikatz.1084416
ZoneAlarm	Trojan-PSW.Win32.Mimikatz.gen
Microsoft	HackTool:Win32/Mimikatz.D
Varist	W32/Mimikatz.A.gen!Eldorado
AhnLab-V3	Trojan/Win32.RL_Mimikatz.R364133

1.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All