Benign
How many logs are ingested from the month of March?
13959
Imposter Alert: There seems to be an imposter account observed in the logs. What is the name of that user?
Amel1a
Which user from the HR department was observed to be running scheduled tasks?
Chris.fort
Which user from the HR department executed a system process (LOLBIN) to download a payload from a file-sharing host?
Haroon
To bypass the security controls, which system process (LOLBIN) was used to download a payload from the internet?
certutil.exe
What was the date that this binary was executed by the infected host? Format: YYYY-MM-DD
2022-03-04
Which third-party site was accessed to download the malicious payload?
controlc.com
What is the name of the file that was saved on the host machine from the C2 server during the post-exploitation phase?
benign.exe
The suspicious file downloaded from the C2 server contained malicious content with the pattern THM{..........}; what is that pattern?
THM{KJ&*H^B0}
What is the URL that the infected host connected to?
https://controlc.com/548ab556