Summary | ZeroBOX

mz64.exe

Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check

Category  Machine        Started                   Completed
FILE      s1_win7_x6401  June 16, 2024, 9:55 a.m.  June 16, 2024, 10:15 a.m.

Size    979.0KB
Type    PE32+ executable (console) x86-64, for MS Windows
MD5     297b896dbf8d619c61fd947086fce6e8
SHA256  b294f94c469f43a78a324b5cfecbde0afb3aa0256bbde06ca2718b8c038a9324
CRC32   BDA9B969
ssdeep  24576:rjEObtgfYpGGQakZ6tXEu3hA+w3552NGQ4wE:3EngmstRhA+wJ5e
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • Malicious_Library_Zero - Malicious_Library
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address  Status  Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API     Status  Return  Repeated  Arguments
WriteConsoleW  1       1       0         buffer: P, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: r, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: i, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: v, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: i, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: l, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: e, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: g, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: e, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: O, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: K, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: U, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: s, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: i, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: n, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: g, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: m, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: z, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: l, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: o, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: g, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: f, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: o, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: r, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: l, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: o, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: g, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: f, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: i, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: l, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: e, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: O, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: K, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: A, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: u, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: t, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: h, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: e, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: n, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: t, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: i, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: c, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: a, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: t, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: i, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: o, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: n, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: I, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: d, console_handle: 0x000000000000000f
WriteConsoleW  1       1       0         buffer: f, console_handle: 0x000000000000000f

Time & API            Status  Return  Repeated  Arguments
GlobalMemoryStatusEx  1       1       0

Time & API         Status  Return  Repeated  Arguments
NtOpenProcess      1       0       0         desired_access: 0x00001010 (), process_identifier: 460, process_handle: 0x000000000000014c
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fffffd6000, buffer: ÿÿÿÿÿÿÿÿèÿ@&æv
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076e62640, buffer: X@%8ð@P%8@P&8@
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000382540, buffer: 0&8P&æv@&8`&ævèÿPèÿÀ:<¨#8Ð#8
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003823d0, buffer: lsass.exe
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000ffe80000, buffer: MZÿÿ¸@ð
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000ffe800f0, buffer: PEd†UÁ[Jð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000ffe800f0, buffer: PEd†UÁ[Jð"  (RPèÿÀÜQ@Àjklj@ ä°Ô`68èl@X
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000382630, buffer: °)8@%8À)8P%8@+8p&ævÓv:<°$8øSäv
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076e453f8, buffer: ntdll.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076d30000, buffer: MZÿÿ¸@à
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076d300e0, buffer: PEd†ùÈçLð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076d300e0, buffer: PEd†ùÈçLð"  D ÓvêU@pb|ñØ`à$/*`C€à8
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003829b0, buffer: +80&80+8@&8p88@+8Áv ^Âvð@B`)8ˆ)8
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000382988, buffer: kernel32.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076c10000, buffer: MZÿÿ¸@è
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076c100e8, buffer: PEd†‹ÇçLð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000076c100e8, buffer: PEd†‹ÇçLð"  ¬  ^ÁvðCz@< @«Üƒô`(À —p¸z\º 8àÀ ˜
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000382b20, buffer: P88°)8`88À)8Ð)8P&8Oýþà0Oýþ°DFÐ*8ø*8
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000382af8, buffer: KERNELBASE.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefd4f0000, buffer: MZÿÿ¸@ð
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefd4f00f0, buffer: PEd†ŒÇçLð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefd4f00f0, buffer: PEd†ŒÇçLð"  ŠÚà0Oýþ°•@جQN¤S(0 @b 8\™8è Ø
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000383850, buffer: €:8 +8:80+8 :8Ð)8¯ýþ %¯ýþð <>88(88
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000383828, buffer: msvcrt.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefdaf0000, buffer: MZÿÿ¸@è
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefdaf00e8, buffer: PEd†¾ß[Jð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefdaf00e8, buffer: PEd†¾ß[Jð"  †, %¯ýþð 2F @Ô³ñjD¯ÌÐ ðp ˆ\à ¼¸“8àÈ €
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000383a80, buffer: ?8P88 ?8`88°?8p88¹ýþPí½ýþÐ<>þ0:8X:8
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000383a58, buffer: RPCRT4.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefdb90000, buffer: MZÿÿ¸@ð
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefdb900f0, buffer: PEd†nÉçLð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefdb900f0, buffer: PEd†nÉçLð"  ˆPí¹ýþÐO÷@®E¦ÌpP<HV° › 88Ü0РÀ
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000383f90, buffer: :€:80::80ž: :8þüþþüþ°>@þ@?8h?8
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x0000000000383f68, buffer: SspiSrv.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefcfe0000, buffer: MZÿÿ¸@ð
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefcfe00f0, buffer: PEd†ðÉçLð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefcfe00f0, buffer: PEd†ðÉçLð"  Lþüþ°.@ÈYp8Z´€´ €€/8è40H
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003a9d20, buffer: ž:?8 ž: ?8àÃ:Â:çüþäHçüþp<>ÿМ:øœ:
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003a9cf8, buffer: lsasrv.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefce70000, buffer: MZÿÿ¸@è
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefce700e8, buffer: PEd†)ÇçLð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefce700e8, buffer: PEd†)ÇçLð"  ZÖäHçüþpTÍ@@…¯„_Tð¸O0±@à øg8àÜp@ÜDÀ
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003a9e10, buffer:  Ÿ: :°Ÿ:0:ÀŸ:°?8Åþþè`Åþþð>@€œ:¨œ:
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003a9ca8, buffer: sechost.dll
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefec50000, buffer: MZÿÿ¸@è
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefec500e8, buffer: PEd†^à[Jð"
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x000007fefec500e8, buffer: PEd†^à[Jð"  €>è`Åþþð:´@À‡Ë r@Ð Àhà¤p¸phr@
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003a9fa0, buffer: Pš:ž:`š: ž:pš:0ž:ÿüþX–ÿüþP>@þPŸ:xŸ:
ReadProcessMemory  1       1       0         process_handle: 0x000000000000014c, base_address: 0x00000000003a9f78, buffer: SspiCli.dll

Time & API     Status  Return  Repeated  Arguments
NtOpenProcess  1       0       0         desired_access: 0x00001010 (), process_identifier: 460, process_handle: 0x000000000000014c

Vendor Detection
Lionic Trojan.Win32.Mimikatz.4!c
Elastic Windows.Hacktool.Mimikatz
Cynet Malicious (score: 100)
Skyhigh HTool-MimiKatz!297B896DBF8D
ALYac Trojan.GenericKD.73119377
Cylance Unsafe
VIPRE Trojan.GenericKD.73119377
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 004f7d031 )
BitDefender Trojan.GenericKD.73119377
K7GW Trojan ( 004f7d031 )
Cybereason malicious.dbf8d6
Arcabit Trojan.Generic.D45BB691
VirIT HackTool.Win64.Agent.GVK
Symantec Hacktool.Mimikatz
ESET-NOD32 a variant of Win64/Riskware.Mimikatz.D
APEX Malicious
McAfee HTool-MimiKatz!297B896DBF8D
Avast Win64:HacktoolX-gen [Trj]
ClamAV Win.Trojan.Agent-7039752-0
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba TrojanPSW:Win64/Mimikatz.839c9dd9
NANO-Antivirus Trojan.Win64.MimiKatz.fsqypd
SUPERAntiSpyware Trojan.Agent/Gen-Mimikatz
MicroWorld-eScan Trojan.GenericKD.73119377
Rising HackTool.Mimikatz!1.B8DF (CLASSIC)
Emsisoft Trojan.GenericKD.73119377 (B)
F-Secure Trojan.TR/AD.Mimikatz.enmvc
Zillya Tool.Mimikatz.Win64.659
TrendMicro HackTool.Win64.MIMIKATZ.ENQ
McAfeeD ti!B294F94C469F
Trapmine suspicious.low.ml.score
FireEye Generic.mg.297b896dbf8d619c
Sophos ATK/Mimikatz-AT
Ikarus HackTool.Mimikatz
Jiangmin Trojan.PSW.Mimikatz.ayl
Webroot W32.Malware.gen
Google Detected
Avira TR/AD.Mimikatz.enmvc
MAX malware (ai score=94)
Antiy-AVL Trojan[PSW]/Win64.Mimikatz
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Risk.Win64.Gen.dd!i
Xcitium Malware@#1dv5fdc454e9l
Microsoft HackTool:Win32/Mimikatz.D
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.GenericKD.73119377
Varist W64/S-0b38a7ac!Eldorado
AhnLab-V3 Trojan/Win64.RL_Mimikatz.R280777
DeepInstinct MALICIOUS