Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 21, 2025, 1:13 p.m.	April 21, 2025, 1:19 p.m.

Size	1.3MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`b375f8f73341369bbd2731c652132b03`
SHA256	`d719cb6f0288867122e8780c2e326952b1858036f7a036821d77e2e7443fe2fb`
CRC32	`FE4B25FB`
ssdeep	`24576:gPOLHP7+a2HVvM0UyYG7SbQbcaXjn4Gy5+aYoNEVJEjAYc7T:gPO/4UgOLaz4FQdoNEVmI`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file

mmcerts.exe "C:\Users\test22\AppData\Local\Temp\mmcerts.exe"
1460

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
196.251.118.210	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 184 events)

Time & API	Arguments	Status	Return
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: z console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: x console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: g console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: V console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: A console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: r console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: B console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: j console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: m console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: D console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: E console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: L console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: P console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: Y console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: g console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: k console_handle: 0x000000000000000f	1	1
WriteConsoleW April 21, 2025, 1:06 p.m.	buffer: i console_handle: 0x000000000000000f	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 21, 2025, 1:06 p.m.		1	1	0

Communicates with host for which no DNS query was performed (1 event)

host

196.251.118.210

File has been identified by 56 AntiVirus engines on VirusTotal as malicious (50 out of 56 events)

Lionic	Trojan.Win32.Mimikatz.4!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	HackTool.Mimikatz.S13719268
Skyhigh	HTool-MimiKatz!B375F8F73341
ALYac	Generic.Trojan.Mimikatz.Marte.!s!.A.86349A27
Cylance	Unsafe
VIPRE	Generic.Trojan.Mimikatz.Marte.!s!.A.86349A27
Sangfor	HackTool.Win64.Mimikatz.uwccg
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Trojan.Mimikatz.Marte.!s!.A.86349A27
K7GW	Trojan ( baba064c1 )
K7AntiVirus	Hacktool ( 0043c1591 )
Arcabit	Generic.Trojan.Mimikatz.Marte.!s!.A.86349A27
VirIT	Trojan.Win64.Agent.CHIV
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Hacktool.Mimikatz
ESET-NOD32	a variant of Win64/Riskware.Mimikatz.G
APEX	Malicious
Avast	Win64:PUP-gen [PUP]
ClamAV	Win.Dropper.Mimikatz-9778171-1
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	RiskWare:Win64/Mimikatz.3d820006
SUPERAntiSpyware	Trojan.Agent/Gen-Mimikatz
MicroWorld-eScan	Generic.Trojan.Mimikatz.Marte.!s!.A.86349A27
Rising	HackTool.Mimikatz!1.B3A8 (CLASSIC)
Emsisoft	Generic.Trojan.Mimikatz.Marte.!s!.A.86349A27 (B)
DrWeb	Tool.Mimikatz.1166
Zillya	Trojan.Mimikatz.Win64.510
TrendMicro	HackTool.Win64.MIMIKATZ.SMEOJ
McAfeeD	ti!D719CB6F0288
CTX	exe.hacktool.mimikatz
Sophos	ATK/Mimikatz-BJ
SentinelOne	Static AI - Malicious PE
Jiangmin	Trojan.PSW.Mimikatz.pv
Webroot	W32.Hacktool.Gen
Google	Detected
Antiy-AVL	Trojan[PSW]/Win64.Mimikatz
Gridinsoft	Risk.Win64.Gen.dd!i
Microsoft	HackTool:Win32/Mimikatz!pz
ZoneAlarm	ATK/Mimikatz-BJ
GData	Win64.Trojan-Stealer.Mimikatz.J
Varist	W64/S-b61adc75!Eldorado
AhnLab-V3	Trojan/Win32.RL_Mimikatz.R366782
McAfee	HTool-MimiKatz!B375F8F73341
DeepInstinct	MALICIOUS
Malwarebytes	Mimikatz.Spyware.Stealer.DDS
Ikarus	HackTool.Mimikatz
Panda	HackingTool/Mimikatz
TrendMicro-HouseCall	HackTool.Win64.MIMIKATZ.SMEOJ
Tencent	Trojan.Win64.Mimikatz.a

mmcerts.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All