Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 28, 2024, 12:40 p.m.	June 28, 2024, 12:42 p.m.

Size	1.2MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`e930b05efe23891d19bc354a4209be3e`
SHA256	`92804faaab2175dc501d73e814663058c78c0a042675a8937266357bcfb96c50`
CRC32	`FE440E57`
ssdeep	`24576:zLrEjqXg4NiXcmHVjIhlIyEeQ37uV3Ugmf4Yl0Q0V7FCR:zLZo1jFyjFJhmf4YlHWk`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware

mimikatz.exe "C:\Users\test22\AppData\Local\Temp\mimikatz.exe"
2576

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 181 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: z console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: x console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: F console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: b console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: V console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: r console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: B console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: j console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: D console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: E console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: P console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: Y console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: g console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW June 28, 2024, 12:32 p.m.	buffer: i console_handle: 0x000000000000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 28, 2024, 12:32 p.m.		1	1	0

File has been identified by 65 AntiVirus engines on VirusTotal as malicious (50 out of 65 events)

Bkav	W32.Common.F35767B6
Elastic	Windows.Hacktool.Mimikatz
Cynet	Malicious (score: 100)
CAT-QuickHeal	HackTool.Mimikatz.S13719268
Skyhigh	HTool-MimiKatz
ALYac	Generic.Trojan.Mimikatz.Marte.!s!.A.CE947EEC
Cylance	Unsafe
VIPRE	Generic.Trojan.Mimikatz.Marte.!s!.A.CE947EEC
Sangfor	HackTool.Win64.Mimikatz.uwccg
K7AntiVirus	Hacktool ( 0043c1591 )
BitDefender	Generic.Trojan.Mimikatz.Marte.!s!.A.CE947EEC
K7GW	Hacktool ( 0043c1591 )
Cybereason	malicious.efe238
Arcabit	Generic.Trojan.Mimikatz.Marte.!s!.A.CE947EEC
VirIT	HackTool.Win64.Agent.BJC
Symantec	Hacktool.Mimikatz
ESET-NOD32	a variant of Win64/Riskware.Mimikatz.D
APEX	Malicious
McAfee	HTool-MimiKatz
Avast	Win64:HacktoolX-gen [Trj]
ClamAV	Win.Tool.Mimikatz-9862700-0
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/Mimikatz.4b2
NANO-Antivirus	Trojan.Win64.Mimikatz.hdegnn
SUPERAntiSpyware	Trojan.Agent/Gen-Mimikatz
MicroWorld-eScan	Generic.Trojan.Mimikatz.Marte.!s!.A.CE947EEC
Rising	HackTool.Mimikatz!1.B3A8 (CLASSIC)
Emsisoft	Generic.Trojan.Mimikatz.Marte.!s!.A.CE947EEC (B)
F-Secure	Heuristic.HEUR/AGEN.1364969
DrWeb	Tool.Mimikatz.706
Zillya	Tool.Mimikatz.Win64.1026
TrendMicro	HKTL_MIMIKATZ64
McAfeeD	ti!92804FAAAB21
FireEye	Generic.mg.e930b05efe23891d
Sophos	ATK/Apteryx-Gen
Ikarus	HackTool.Mimikatz
Jiangmin	Trojan.PSW.Mimikatz.er
Webroot	W32.Hacktool.Gen
Google	Detected
Avira	HEUR/AGEN.1364969
MAX	malware (ai score=100)
Antiy-AVL	RiskWare/Win64.Mimikatz
Kingsoft	Win32.Troj.Generic.v
Gridinsoft	Hack.Win64.Mimikatz.ka!c
Xcitium	Malware@#kkm08qefpx7y
Microsoft	HackTool:Win32/Mimikatz!pz
ViRobot	HackTool.S.Mimikatz.1250056
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Win64.Trojan-Stealer.Mimikatz.J
Varist	W64/Mimikatz.WRYM-6839

mimikatz.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All