Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Aug. 4, 2024, 1:23 p.m. | Aug. 4, 2024, 1:26 p.m. |
Process | Command line | PID |
---|---|---|
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpServerCalloutEntry | 292 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpServerCalloutEntry | 2436 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginInitialize | 2196 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginInitialize | 2568 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginCleanup | 2100 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginCleanup | 2720 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpNewPktHook | 1188 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DhcpNewPktHook | 2480 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginQuery | 2288 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,DnsPluginQuery | 2652 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,ExtensionApiVersion | 2388 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,ExtensionApiVersion | 2736 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,InitializeChangeNotify | 2556 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,InitializeChangeNotify | 2848 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,PasswordChangeNotify | 2788 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,PasswordChangeNotify | 2060 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,SpLsaModeInitialize | 2952 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,SpLsaModeInitialize | 2368 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,WinDbgExtensionDllInit | 884 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,WinDbgExtensionDllInit | 2492 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,coffee | 2384 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,coffee | 2796 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,mimikatz | 2764 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,mimikatz | 2112 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,startW | 3040 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll,startW | 2620 |
rundll32.exe | "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\mimilib.dll, | 2400 |
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
111.231.145.137 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
host | 111.231.145.137 |
Lionic | Trojan.Win64.Mimikatz.i!c |
MicroWorld-eScan | Application.HackTool.Mimikatz.AC |
CAT-QuickHeal | HackTool.Mimikatz.S13719267 |
Skyhigh | HTool-Mimikatz |
ALYac | Application.HackTool.Mimikatz.AC |
Cylance | Unsafe |
VIPRE | Application.HackTool.Mimikatz.AC |
Sangfor | HackTool.Win64.Mimikatz.uwccg |
K7AntiVirus | Hacktool ( 0043c1591 ) |
BitDefender | Application.HackTool.Mimikatz.AC |
K7GW | Hacktool ( 0043c1591 ) |
Arcabit | Application.HackTool.Mimikatz.AC |
Symantec | Hacktool.Mimikatz |
ESET-NOD32 | a variant of Win64/Riskware.Mimikatz.U |
McAfee | HTool-Mimikatz |
Avast | Win64:Malware-gen |
Cynet | Malicious (score: 100) |
Kaspersky | HEUR:Trojan.Win32.Mimikatz.gen |
Alibaba | Trojan:Win32/Mimikatz.4b1 |
NANO-Antivirus | Trojan.Win64.Mimikatz.eusljj |
Rising | HackTool.Mimikatz!1.B3A7 (CLASSIC) |
Emsisoft | Application.HackTool.Mimikatz.AC (B) |
DrWeb | Tool.Mimikatz.41 |
Zillya | Tool.Mimikatz.Win64.220 |
TrendMicro | HKTL_MIMIKATZ64 |
McAfeeD | ti!8C1E685C4D74 |
FireEye | Generic.mg.80b4e71fcf1d3e41 |
Sophos | ATK/Apteryx-Gen |
Ikarus | HackTool.Mimikatz |
Jiangmin | Trojan.PSW.Mimikatz.td |
Webroot | W32.Hacktool.Gen |
Detected | |
MAX | malware (ai score=100) |
Antiy-AVL | Trojan[PSW]/Win64.Mimikatz |
Kingsoft | win32.troj.undef.a |
Gridinsoft | Virtool.Win64.Mimikatz.dd!n |
Xcitium | Malware@#3urk2nmtodhbg |
Microsoft | HackTool:Win64/Mikatz!dha |
ZoneAlarm | HEUR:Trojan.Win32.Mimikatz.gen |
GData | Win32.Riskware.Mimikatz.C |
AhnLab-V3 | HackTool/Win64.Mimikatz.C1953096 |
DeepInstinct | MALICIOUS |
VBA32 | TrojanPSW.Win64.Mimikatz |
Malwarebytes | HackTool.Mimikatz |
Panda | Hacktool/Mimikatz |
TrendMicro-HouseCall | HKTL_MIMIKATZ64 |
Tencent | Trojan.Win64.Mimikatz.a |
SentinelOne | Static AI - Malicious PE |
MaxSecure | Trojan.Malware.9545116.susgen |
Fortinet | Riskware/Mimikatz |