This process execution profile was obtained from the wild, i.e. not from a lab environment.
Summary
Ntdsutil.exe is a command line utility for accessing Windows Active Directory. It is sometimes used maliciously to dump domain passwords.
It is the 10,841st most commonly executed Windows program. It typically runs from the path C:\Windows\System32, and is most often launched by cmd.exe.
EchoTrail Prevalence Score (EPS)
The EchoTrail Prevalence Score (EPS) is calculated using a formula that takes into account much of the process metadata we collect from computers in the wild. The score is a number between 0 and 100, with a higher number indicating a higher incidence of this process being run in the wild. A low score would indicate an unusual or new process that hasn't been seen often.
9.53
Rank Analysis
Host Prevalence
Host Prevalence represents the percentage of hosts in the wild that this process has been observed running on. A high number here indicates a very common process across a variety of environments, raising the likelihood that it's a legitimate process.
0%
Execution Rank
Execution rank indicates how often this process is seen being executed in the wild. The ranking a simple ranking where a process that runs more often than another will receive a higher ranking (lower numbe r). A process with a rank of 1 is the most executed process seen in the wild.