Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | July 11, 2024, 1:15 p.m. | July 11, 2024, 1:17 p.m. |
Export | Command line | PIDs |
---|---|---|
DhcpServerCalloutEntry | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DhcpServerCalloutEntry | 2056, 2352 |
DllCanUnloadNow | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DllCanUnloadNow | 2156, 2420 |
DhcpNewPktHook | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DhcpNewPktHook | 1020, 2584 |
DllGetClassObject | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DllGetClassObject | 2248, 2544 |
DnsPluginCleanup | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DnsPluginCleanup | 2344, 2624 |
DnsPluginInitialize | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DnsPluginInitialize | 2520, 2800 |
DnsPluginQuery | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DnsPluginQuery | 2744, 2912 |
ExtensionApiVersion | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,ExtensionApiVersion | 3024, 2240 |
InitializeChangeNotify | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,InitializeChangeNotify | 2176, 2416 |
Msv1_0SubAuthenticationFilter | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,Msv1_0SubAuthenticationFilter | 2440, 2960 |
Msv1_0SubAuthenticationRoutine | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,Msv1_0SubAuthenticationRoutine | 2708, 2188 |
NPGetCaps | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,NPGetCaps | 2328, 2216 |
NPLogonNotify | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,NPLogonNotify | 1492, 2700 |
PasswordChangeNotify | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,PasswordChangeNotify | 2472, 2892 |
SpLsaModeInitialize | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,SpLsaModeInitialize | 2412, 2348 |
WinDbgExtensionDllInit | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,WinDbgExtensionDllInit | 2396, 2220 |
coffee | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,coffee | 2140, 2392 |
startW | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,startW | 2984, 3148 |
zzzkatz | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,zzzkatz | 2868, 3280 |
(none) | rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll, | 3268 |
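Every row in the process table is the same pattern: rundll32.exe loading a DLL from the user's Temp directory and calling one of its exports, including a final run with no export named at all. The export names are those of mimikatz's mimilib.dll, which the antivirus verdicts further down corroborate. The following Python is an added example, not part of the sandbox report, showing how a detection would score such command lines. The sample input is constructed from rows of the table plus one benign control line; the user-writable directory list and the indicator names are assumptions to tune for a given estate.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Export names of mimikatz's mimilib.dll; they match the export list the sandbox
# walked through in the process table above.
MIMILIB_EXPORTS = frozenset({
    "DhcpServerCalloutEntry", "DhcpNewPktHook", "DllCanUnloadNow", "DllGetClassObject",
    "DnsPluginCleanup", "DnsPluginInitialize", "DnsPluginQuery", "ExtensionApiVersion",
    "InitializeChangeNotify", "Msv1_0SubAuthenticationFilter",
    "Msv1_0SubAuthenticationRoutine", "NPGetCaps", "NPLogonNotify",
    "PasswordChangeNotify", "SpLsaModeInitialize", "WinDbgExtensionDllInit",
    "coffee", "startW", "zzzkatz",
})
# Standard COM exports exist in many legitimate DLLs, so on their own they are
# not evidence of mimilib and are not counted as a mimilib indicator.
GENERIC_EXPORTS = frozenset({"DllCanUnloadNow", "DllGetClassObject"})

# Directories an unprivileged user can write to (assumed list, tune per estate).
# rundll32 loading a DLL from one of these is the primary signal.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Downloads|Users\\Public|ProgramData|Windows\\Temp)\\", re.I)

# rundll32 syntax is "<dll>,<entrypoint>"; the DLL may be quoted and the entry
# point may be empty (as in the last row of the table).
DLL_AND_EXPORT = re.compile(r'(?P<dll>"[^"]+\.dll"|\S+\.dll)\s*,\s*(?P<export>\S*)', re.I)


@dataclass
class Finding:
    cmdline: str
    dll: str
    export: str
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def analyze(cmdline: str) -> Optional[Finding]:
    """Return a Finding for a rundll32 command line, or None if the line is not
    rundll32 or carries no '<dll>,<export>' argument."""
    if "rundll32" not in cmdline.lower():
        return None
    m = DLL_AND_EXPORT.search(cmdline)
    if not m:
        return None
    dll = m.group("dll").strip('"')
    export = m.group("export")
    f = Finding(cmdline, dll, export)
    if USER_WRITABLE.search(dll):
        f.reasons.append("dll-in-user-writable-path")
    if export in MIMILIB_EXPORTS and export not in GENERIC_EXPORTS:
        f.reasons.append("mimilib-export")
    if export == "":
        # No entry point named: rundll32 still has to load the DLL to look one up,
        # which is enough for DllMain to run, and legitimate use rarely looks like this.
        f.reasons.append("empty-export")
    return f


def triage(cmdlines: List[str]) -> List[Finding]:
    """Keep only the command lines that trip at least one indicator."""
    out = []
    for c in cmdlines:
        f = analyze(c)
        if f is not None and f.suspicious:
            out.append(f)
    return out


# Constructed sample input: three rows copied from the process table above plus
# one benign-looking control line that is not from the report.
SAMPLE_CMDLINES = [
    r'rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DhcpServerCalloutEntry',
    r'rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,DllCanUnloadNow',
    r'rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\gg.dll,',
    r'rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_CMDLINES):
        print(f"{f.dll},{f.export or '<none>'}: {', '.join(f.reasons)}")
```

The path check is what carries the detection; the export list only sharpens attribution, and the two generic COM exports are deliberately excluded from it so that a legitimate COM server loaded through rundll32 is not tagged as mimilib.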
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
No hosts contacted. |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | _RDATA |
Engine | Detection |
---|---|
Lionic | Trojan.Win32.Mimikatz.i!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
ALYac | Gen:Variant.Tedy.570298 |
VIPRE | Gen:Variant.Tedy.570298 |
Sangfor | Infostealer.Win32.Mimikatz.Vro2 |
BitDefender | Trojan.GenericKD.73437193 |
Arcabit | Trojan.Tedy.D8B3BA |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win64/Riskware.Mimikatz.DV |
APEX | Malicious |
Avast | Win64:PWSX-gen [Trj] |
Kaspersky | Trojan-PSW.Win32.Mimikatz.nmc |
Alibaba | TrojanPSW:Win32/Mimikatz.3dce3a7c |
MicroWorld-eScan | Trojan.GenericKD.73437193 |
Rising | Stealer.Mimikatz!8.1335D (CLOUD) |
Emsisoft | Gen:Variant.Tedy.570298 (B) |
TrendMicro | Trojan.Win64.BAZARLOADER.SMYXBIMZ |
FireEye | Generic.mg.fb440753675363fa |
Sophos | Mal/Generic-S |
Ikarus | PUA.Generic |
Webroot | W32.Mimikatz |
Antiy-AVL | Trojan[PSW]/Win32.Mimikatz |
Kingsoft | Win32.Trojan-PSW.Mimikatz.nmc |
Gridinsoft | Trojan.Win64.Mimikatz.sa |
Microsoft | Program:Win32/Wacapew.C!ml |
ZoneAlarm | Trojan-PSW.Win32.Mimikatz.nmc |
GData | Trojan.GenericKD.73437193 |
Varist | W64/ABRisk.TGTV-0435 |
DeepInstinct | MALICIOUS |
Panda | Trj/Chgt.AD |
Tencent | Win32.Trojan-QQPass.QQRob.Rgil |
MAX | malware (ai score=85) |
Fortinet | W32/PossibleThreat |
AVG | Win64:PWSX-gen [Trj] |
Paloalto | generic.ml |
CrowdStrike | win/malicious_confidence_60% (D) |
alibabacloud | HackTool:Win/mimikatz.ntu |