ATTACK INFORMATION
ANDRE: 5cab59e9-1de3-4865-9558-eac274cba3ad
trojan
Malware Family: Generic
GENERAL DETAILS
Incident ID: 5cab59e9-1de3-4865-9558-eac274cba3ad
Analysis Time: 7/4/2023, 8:13:11 AM
Client Version: 87.30.0232
PC Name: ANDRE
Machine Type: VirtualMachine
OS: Windows 10
Machine Roles: Microsoft Print to PDF, Microsoft XPS Document Writer, Windows Search, Remote Differential Compression API Support, Work Folders Client, Print and Document Services, Windows Fax and Scan, Internet Printing Client, Windows PowerShell 2.0, Windows PowerShell 2.0 Engine, .NET Framework 4.7 Advanced Services, WCF Services, TCP Port Sharing, Media Features, Windows Media Player, SMB Direct, Internet Explorer 11
Domain:
IP Address: 192.168.37.128
User Name: ANDRE\IEUser
User SID: S-1-5-21-321011808-3761883066-353627080-1000
Logon Time: 7/3/2023, 8:23:16 AM
Logon Type: Local
Remote PC: N/A
Remote IP: N/A
DETECTION DETAILS
Description: To exclude the file: On the Harmony Endpoint Management add this sha1 exclusion: f5892a4e-a271ed22-c391efe4-14732111-65db2b70
Protection Name: Unknown.
Trigger Matched: c:\users\ieuser\desktop\malware\appinstaller 11.6.exe
Trigger Time: 7/4/2023, 8:12:53 AM
Trigger Actual: c:\users\ieuser\desktop\malware\appinstaller 11.6.exe
Trigger Type: File
Trigger Process: c:\program files\winrar\winrar.exe
Trigger PID: 11000
Trigger Args: x -iext -ow -ver -imon1 -- "C:\Users\IEUser\Desktop\Malware\sample (7).zip" C:\Users\IEUser\Desktop\Malware\
Trigger App: Endpoint File Reputation
Trigger Rep: Malicious
Trigger MD5: bc4915dd472d41ab5aa5bb7d64a6be86
Mode: Prevent
Confidence: High
Severity: Critical
EMAIL DETAILS
Attachment: N/A - Could not be traced back to an email
Subject:
Email ID:
From:
To:
ATTACK STATS
0 remote (RDP) logons
0 malicious connections
0 suspicious connections
0 unclassified connections
0 malicious processes
0 suspicious processes
0 unclassified processes
0 unsigned processes
0 script processes
0 windows os processes
1 malicious files
0 suspicious files