Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Feb. 24, 2025, 12:03 p.m.	Feb. 24, 2025, 12:07 p.m.

Size	971.8KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`46f366e3ee36c05ab5a7a319319f7c72`
SHA256	`2e8092205a2ded4b07e9d10d0ec02eba0ffcf1d370cab88c5221a749915f678a`
CRC32	`FD55E7E9`
ssdeep	`24576:ZUawjJv4xFV1To1GPC31fILaq/K34UQCxWw:daOxnOB3aLbK3R5Qw`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file

Mizedo.exe "C:\Users\test22\AppData\Local\Temp\Mizedo.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 181 events)

Time & API	Arguments	Status	Return
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: k console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: t console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: z console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: x console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: F console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: b console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: V console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: A console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: u console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: r console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: o console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: B console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: j console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: a console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: m console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: D console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: E console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: L console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: P console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: Y console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: g console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: e console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: n console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: t console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: i console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: l console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: k console_handle: 0x0000000f	1	1
WriteConsoleW Feb. 24, 2025, 12:03 p.m.	buffer: i console_handle: 0x0000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 24, 2025, 12:03 p.m.		1	1	0

File has been identified by 64 AntiVirus engines on VirusTotal as malicious (50 out of 64 events)

Elastic	Windows.Hacktool.Mimikatz
Cynet	Malicious (score: 100)
CAT-QuickHeal	HackTool.Mimikatz.S13719266
Skyhigh	BehavesLike.Win32.Ransomware.dh
ALYac	Trojan.GenericKD.71678010
Cylance	Unsafe
VIPRE	Trojan.GenericKD.71678010
Sangfor	HackTool.Win64.Mimikatz.uwccg
K7AntiVirus	Riskware ( 004e69f51 )
BitDefender	Trojan.GenericKD.71678010
K7GW	Riskware ( 004e69f51 )
Arcabit	Trojan.Generic.D445B83A
VirIT	HackTool.Win32.Agent.CHMF
Symantec	Hacktool.Mimikatz
ESET-NOD32	a variant of Win32/RiskWare.Mimikatz.BC
APEX	Malicious
Avast	Win32:HacktoolX-gen [Trj]
ClamAV	Win.Tool.Mimikatz-9862700-0
Kaspersky	Trojan-PSW.Win32.Mimikatz.gen
Alibaba	Trojan:Win32/Mimikatz.4b2
NANO-Antivirus	Trojan.Win32.Mimikatz.hddnuq
SUPERAntiSpyware	Trojan.Agent/Gen-Mimikatz
MicroWorld-eScan	Trojan.GenericKD.71678010
Rising	HackTool.Mimikatz!1.B3A8 (CLASSIC)
Emsisoft	Trojan.GenericKD.71678010 (B)
F-Secure	Trojan.TR/AD.Mimikatz.wtjqu
DrWeb	Tool.Mimikatz.704
Zillya	Tool.Mimikatz.Win32.1451
TrendMicro	HackTool.Win32.Mimikatz.F
McAfeeD	ti!2E8092205A2D
CTX	exe.hacktool.mimikatz
Sophos	ATK/Mimikatz-BE
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.46f366e3ee36c05a
WebrootD	W32.Hacktool.Mimikatz
Jiangmin	Trojan.PSW.Mimikatz.bgi
Webroot	W32.Hacktool.Mimikatz
Google	Detected
Avira	TR/AD.Mimikatz.wtjqu
MAX	malware (ai score=100)
Antiy-AVL	Trojan[PSW]/Win32.Mimikatz
Kingsoft	Win32.Trojan-PSW.Mimikatz.gen
Gridinsoft	Hack.Win32.Mimikatz.ka!c
Xcitium	Malware@#3p7xsaxu4ql8i
Microsoft	HackTool:Win32/Mimikatz.D
ZoneAlarm	Trojan-PSW.Win32.Mimikatz.gen
GData	Win32.Riskware.Mimikatz.F
Varist	W32/Mimikatz.GURI-1369
AhnLab-V3	Trojan/Win32.RL_Mimikatz.R290617
McAfee	HTool-Mimikatz

Mizedo.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All