Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 4, 2024, 1:29 p.m.	Aug. 4, 2024, 1:34 p.m.

Size	1.4MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`640ff220dc517b6fda38e45fb575d47e`
SHA256	`149eb8d83339d9dddeac323c22dba33711ca1170b3638359023d5b9633064568`
CRC32	`D5C705E0`
ssdeep	`24576:eTsC79cY+rtwvo0bz8ke0Wv4m+8oyoI1BwHflL6HMcG:TzYLL64m+8oy6HflLMG`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

mimikatz.exe "C:\Users\test22\AppData\Local\Temp\mimikatz.exe"
1372

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 184 events)

Time & API	Arguments	Status	Return
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: z console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: x console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: J console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: V console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: r console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: B console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: j console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: D console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: E console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: P console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: Y console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: g console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW Aug. 4, 2024, 1:22 p.m.	buffer: i console_handle: 0x000000000000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 4, 2024, 1:22 p.m.		1	1	0

File has been identified by 58 AntiVirus engines on VirusTotal as malicious (50 out of 58 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Mimikatz.4!c
Elastic	Windows.Hacktool.Mimikatz
Cynet	Malicious (score: 100)
CAT-QuickHeal	HackTool.Mimikatz.S13719268
Skyhigh	BehavesLike.Win64.HToolMimiKatz.th
ALYac	Generic.Trojan.Mimikatz.Marte.!s!.A.839650D3
Cylance	Unsafe
VIPRE	Generic.Trojan.Mimikatz.Marte.!s!.A.839650D3
Sangfor	HackTool.Win64.Mimikatz.uwccg
K7AntiVirus	Hacktool ( 0043c1591 )
BitDefender	Generic.Trojan.Mimikatz.Marte.!s!.A.839650D3
K7GW	Hacktool ( 0043c1591 )
Cybereason	malicious.0dc517
Arcabit	Generic.Trojan.Mimikatz.Marte.!s!.A.839650D3
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Riskware.Mimikatz.G
APEX	Malicious
McAfee	HTool-MimiKatz!640FF220DC51
Avast	Win64:HacktoolX-gen [Trj]
ClamAV	Win.Dropper.Mimikatz-9778171-1
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	HackTool:Win32/Mimikatz.1bbd59a6
MicroWorld-eScan	Generic.Trojan.Mimikatz.Marte.!s!.A.839650D3
Rising	HackTool.Mimikatz!1.B3A8 (CLASSIC)
Emsisoft	Generic.Trojan.Mimikatz.Marte.!s!.A.839650D3 (B)
F-Secure	Heuristic.HEUR/AGEN.1374632
Zillya	Tool.Mimikatz.Win64.3374
TrendMicro	HKTL_MIMIKATZ64
McAfeeD	ti!149EB8D83339
Trapmine	suspicious.low.ml.score
FireEye	Generic.mg.640ff220dc517b6f
Sophos	ATK/Apteryx-Gen
Ikarus	HackTool.Mimikatz
Jiangmin	Trojan.Generic.hrwuy
Webroot	W32.Hacktool.Gen
Google	Detected
Avira	HEUR/AGEN.1374632
MAX	malware (ai score=89)
Antiy-AVL	RiskWare/Win64.Mimikatz
Kingsoft	Win32.Trojan.Generic.a
Gridinsoft	Risk.Win64.Gen.dd!i
Microsoft	HackTool:Win32/Mimikatz.D
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Win64.Trojan-Stealer.Mimikatz.J
Varist	W64/S-b61adc75!Eldorado
AhnLab-V3	Trojan/Win64.Mimikatz.R370574
DeepInstinct	MALICIOUS
Malwarebytes	Mimikatz.Spyware.Stealer.DDS
Panda	HackingTool/Mimikatz

mimikatz.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All