mimilib.dll| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | Aug. 4, 2024, 1:23 p.m. | Aug. 4, 2024, 1:26 p.m. |
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpServerCalloutEntry
292-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpServerCalloutEntry
2436
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginInitialize
2196-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginInitialize
2568
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginCleanup
2100-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginCleanup
2720
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpNewPktHook
1188-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpNewPktHook
2480
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginQuery
2288-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginQuery
2652
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,ExtensionApiVersion
2388-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,ExtensionApiVersion
2736
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,InitializeChangeNotify
2556-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,InitializeChangeNotify
2848
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,PasswordChangeNotify
2788-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,PasswordChangeNotify
2060
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,SpLsaModeInitialize
2952-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,SpLsaModeInitialize
2368
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,WinDbgExtensionDllInit
884-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,WinDbgExtensionDllInit
2492
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,coffee
2384-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,coffee
2796
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,mimikatz
2764-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,mimikatz
2112
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,startW
3040-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,startW
2620
-
-
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,
2400
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 111.231.145.137 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| host | 111.231.145.137 | |||
| Lionic | Trojan.Win64.Mimikatz.i!c |
| MicroWorld-eScan | Application.HackTool.Mimikatz.AC |
| CAT-QuickHeal | HackTool.Mimikatz.S13719267 |
| Skyhigh | HTool-Mimikatz |
| ALYac | Application.HackTool.Mimikatz.AC |
| Cylance | Unsafe |
| VIPRE | Application.HackTool.Mimikatz.AC |
| Sangfor | HackTool.Win64.Mimikatz.uwccg |
| K7AntiVirus | Hacktool ( 0043c1591 ) |
| BitDefender | Application.HackTool.Mimikatz.AC |
| K7GW | Hacktool ( 0043c1591 ) |
| Arcabit | Application.HackTool.Mimikatz.AC |
| Symantec | Hacktool.Mimikatz |
| ESET-NOD32 | a variant of Win64/Riskware.Mimikatz.U |
| McAfee | HTool-Mimikatz |
| Avast | Win64:Malware-gen |
| Cynet | Malicious (score: 100) |
| Kaspersky | HEUR:Trojan.Win32.Mimikatz.gen |
| Alibaba | Trojan:Win32/Mimikatz.4b1 |
| NANO-Antivirus | Trojan.Win64.Mimikatz.eusljj |
| Rising | HackTool.Mimikatz!1.B3A7 (CLASSIC) |
| Emsisoft | Application.HackTool.Mimikatz.AC (B) |
| DrWeb | Tool.Mimikatz.41 |
| Zillya | Tool.Mimikatz.Win64.220 |
| TrendMicro | HKTL_MIMIKATZ64 |
| McAfeeD | ti!8C1E685C4D74 |
| FireEye | Generic.mg.80b4e71fcf1d3e41 |
| Sophos | ATK/Apteryx-Gen |
| Ikarus | HackTool.Mimikatz |
| Jiangmin | Trojan.PSW.Mimikatz.td |
| Webroot | W32.Hacktool.Gen |
| Detected | |
| MAX | malware (ai score=100) |
| Antiy-AVL | Trojan[PSW]/Win64.Mimikatz |
| Kingsoft | win32.troj.undef.a |
| Gridinsoft | Virtool.Win64.Mimikatz.dd!n |
| Xcitium | Malware@#3urk2nmtodhbg |
| Microsoft | HackTool:Win64/Mikatz!dha |
| ZoneAlarm | HEUR:Trojan.Win32.Mimikatz.gen |
| GData | Win32.Riskware.Mimikatz.C |
| AhnLab-V3 | HackTool/Win64.Mimikatz.C1953096 |
| DeepInstinct | MALICIOUS |
| VBA32 | TrojanPSW.Win64.Mimikatz |
| Malwarebytes | HackTool.Mimikatz |
| Panda | Hacktool/Mimikatz |
| TrendMicro-HouseCall | HKTL_MIMIKATZ64 |
| Tencent | Trojan.Win64.Mimikatz.a |
| SentinelOne | Static AI - Malicious PE |
| MaxSecure | Trojan.Malware.9545116.susgen |
| Fortinet | Riskware/Mimikatz |