OVERVIEW
GENERAL
General Details
Reputation Details
ENTRY POINT
Summary
Complete
REMEDIATION
BUSINESS IMPACT
SUSPICIOUS ACTIVITY
Mitre ATT&CK™ Matrix
Suspicious Events
Network Events
INCIDENT DETAILS
Tree
Tree Timeline
Script/Shortcut Content
status: BLOCKED
malware family: Generic
severity: CRITICAL
triggered by: Endpoint File Reputation
trigger: c:\users\ieuser\desktop\malware\appinstaller 11.6.exe
protection name: Unknown.
local user: IEUser
ATTACK STATS
What sort of connections and processes were involved?
Remote Logon
Internal
Malicious Connections
Suspicious Connections
Unclassified Connections
Malicious Processes
Suspicious Processes
Unclassified Processes
1
Malicious Files
Suspicious Files
Unsigned Processes
Script Processes
ATTACK TYPES
What were the attack types seen or prevented?
trojan
ENTRY POINT
How did it enter the system?
Incident started through vmtoolsd.exe
BUSINESS IMPACT
What was the potential damage done?
No damage detected
REMEDIATION
Were all incident-created elements removed?
No remediation needed
terminated processes: 100% (3/3)
quarantined/deleted files
restored files
INCIDENT DETAILS
How do I analyze further?
No process executions detected
MITRE ATT&CK™
Tactics and techniques seen as defined by the MITRE ATT&CK™ framework
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
No MITRE ATT&CK™ techniques found
NETWORK MAP
Where were the untrusted connections being made?
No suspicious connection detected