Security Incident Timeline

From initial compromise to containment

mega.nz

08:40:05

08/14/23

Download payload from mega.nz

7z

08:40:31

08/14/23

File extracted using 7z

26 sec

SETUP.exe

08:41:05

08/14/23

SETUP.exe running from temp folder

34 sec

expand

08:41:18

08/14/23

Command executed Processing.vssm.bat

13 sec

SOC

09:19:00

08/14/23

SOC detected suspicious activity

37 min 42 sec

isolated

09:21:00

08/14/23

Laptop isolated from network

2 min

Phases

Attack Phase (Initial Compromise)

Response

Detailed Timeline

08:40:05 AM

Aug 14, 2023

Download payload from mega.nz

Attackmega.nz

08:40:31 AM

Aug 14, 2023

26 sec since previous

File extracted using 7z

Attack7z

08:41:05 AM

Aug 14, 2023

34 sec since previous

SETUP.exe running from temp folder

AttackSETUP.exe

08:41:18 AM

Aug 14, 2023

13 sec since previous

Command executed Processing.vssm.bat

Attackexpand

09:19:00 AM

Aug 14, 2023

37 min 42 sec since previous

SOC detected suspicious activity

ResponseSOC

09:21:00 AM

Aug 14, 2023

2 min since previous

Laptop isolated from network

Responseisolated