34.131.9.88 Public Scan

URL: http://34.131.9.88/other/conti-ransomware/general.html
Submission: On February 21 via manual from ES — Scanned from ES

Form analysis: 0 forms found in the DOM

Text Content


ATTACK INFORMATION

RANSOMWARE-TEST: 7ac15031-536d-4e2c-99e1-411b3bc9c005

Classification tags: backdoor, bot, ransomware, trojan

Malware Family:

GENERAL DETAILS

RANSOMWARE-TEST: 7ac15031-536d-4e2c-99e1-411b3bc9c005

Incident ID: 7ac15031-536d-4e2c-99e1-411b3bc9c005
Analysis Time: 8/30/2022, 8:12:20 PM
Client Version: 86.60.0185
PC Name: RANSOMWARE-TEST
Machine Type: Server
OS: Windows Server 2016
Machine Roles: Microsoft-Windows-Server-Core-Package-DisplayName, .NET Framework 4.8 Features, .NET Framework 4.8, WCF Services, TCP Port Sharing, Windows PowerShell, Windows PowerShell, Key Distribution Service PowerShell Cmdlets, Trusted Platform Module Service PowerShell Cmdlets, Windows PowerShell 2.0 Engine, TLS Session Ticket Key Commands, Microsoft Windows ServerCore Foundational PowerShell Cmdlets, Microsoft Windows ServerCore WOW64, Windows Server Print Client, Windows Server Print Client Management UI, Media Features, Windows Media Player, Microsoft XPS Document Writer, SMB Direct, Microsoft Defender Antivirus, Microsoft Print to PDF, XPS Viewer, Windows Server Backup SnapIn, Server Drivers, Server Printer Drivers, Microsoft-Windows-Server-Shell-Package-DisplayName, Internet Explorer 11, Microsoft-Windows-Server-Gui-Mgmt-Package-DisplayName, Root node for feature RSAT tools, Windows Search, Server Core non-critical fonts - (Fonts-MinConsoleFonts)., Server Core non-critical fonts - (Fonts-BitmapFonts)., Server Core non-critical fonts - (Font-TrueTypeFonts)., Server Core non-critical fonts - (Fonts-UAPFonts)., Server Core non-critical fonts components - (Fonts-Support)., Server Core Drivers, Server Core WOW64 Drivers, System Data Archiver
Domain:
Forensics Version: 8.68.66.48
IP Address: 10.160.0.10
User Name: RANSOMWARE-TEST\ransomware
User SID: S-1-5-21-1769506388-3596128238-2562460177-1000
Logon Time: 12/31/1969, 11:59:59 PM
Logon Type: Local
Remote PC: N/A
Remote IP: N/A
DETECTION DETAILS

RANSOMWARE-TEST: 7ac15031-536d-4e2c-99e1-411b3bc9c005

Description: Dummypots files have been modified, which indicates ransomware activity
Protection Name: ransomware.win.honey
Trigger Matched: c:\users\ransomware\downloads\b14cde376a8a7a9d7ad34cdfd07108c132ad8be7f60c5c0a0f17b6b63eb28b49.exe
Trigger Time: 8/30/2022, 8:10:10 PM
Trigger Actual: PID: 2200, Creation Time: 1661886385501
Trigger Type: Process
Trigger Process: c:\users\ransomware\downloads\b14cde376a8a7a9d7ad34cdfd07108c132ad8be7f60c5c0a0f17b6b63eb28b49.exe
Trigger PID: 2200
Trigger Args:
Trigger App: Endpoint Anti-Ransomware
Trigger Rep: Malicious
Trigger MD5: 1acdaba338e67c748e56aa81a27a9831
Mode: Prevent
Confidence: High
Severity: High
EMAIL DETAILS

RANSOMWARE-TEST: 7ac15031-536d-4e2c-99e1-411b3bc9c005

Attachment: N/A - Could not be traced back to an email
Subject:
Email ID:
From:
To:
ATTACK STATS

RANSOMWARE-TEST: 7ac15031-536d-4e2c-99e1-411b3bc9c005

0 remote (RDP) logons
0 malicious connections
0 suspicious connections
1 unclassified connection
1 malicious process
0 suspicious processes
0 unclassified processes
1 unsigned process
0 script processes
5 Windows OS processes
1 malicious file
0 suspicious files