Harmony Endpoint Forensics Analysis: Overview

OVERVIEW

GENERAL

General Details Reputation Details

ENTRY POINT

Summary Complete

REMEDIATION

BUSINESS IMPACT

SUSPICIOUS ACTIVITY

Mitre ATT&CK™ Matrix Suspicious Events Network Events

INCIDENT DETAILS

Tree Tree Timeline Script/Shortcut Content

BLOCKED status

Generic malware family

CRITICAL severity

Endpoint File Reputation triggered by

c:\users\ieuser\desktop\malware\appinstaller 11.6.exe trigger

Unknown. protection name

IEUser local user

What sort of connections and processes were involved?

1 Malicious
Files

What were the attacks types seen or prevented?

trojan

How did it enter the system?

Incident started through vmtoolsd.exe

BUSINESS IMPACT

What was the potential damage done?

No damage detected

Were all incident created elements removed?

terminated processes

quarantined/deleted files

restored files

INCIDENT DETAILS

How do I analyze further?

No process executions detected
MITRE ATT&CK™

Tactics and techniques seen as defined by the MITRE ATT&CK™ framework

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

No MITRE ATT&CK™ techniques found
NETWORK MAP

Where were the untrusted connections being made?

No suspicious connection detected
INCIDENT DETAILS

How do I analyze further?

No process executions detected
MITRE ATT&CK™

Tactics and techniques seen as defined by the MITRE ATT&CK™ framework

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

No MITRE ATT&CK™ techniques found
NETWORK MAP

Where were the untrusted connections being made?

No suspicious connection detected
INCIDENT DETAILS

How do I analyze further?

No process executions detected