Security Incident Timeline

From initial compromise to containment

08:40:05  08/14/23  mega.nz    Download payload from mega.nz
08:40:31  08/14/23  7z         File extracted using 7z (+26 sec)
08:41:05  08/14/23  SETUP.exe  SETUP.exe running from temp folder (+34 sec)
08:41:18  08/14/23  expand     Command executed Processing.vssm.bat (+13 sec)
09:19:00  08/14/23  SOC        SOC detected suspicious activity (+37 min 42 sec)
09:21:00  08/14/23  isolated   Laptop isolated from network (+2 min)

Phases

Attack Phase (Initial Compromise)
Response

Detailed Timeline

08:40:05 AM, Aug 14, 2023
Download payload from mega.nz
Phase: Attack | Tag: mega.nz

08:40:31 AM, Aug 14, 2023 (26 sec since previous)
File extracted using 7z
Phase: Attack | Tag: 7z

08:41:05 AM, Aug 14, 2023 (34 sec since previous)
SETUP.exe running from temp folder
Phase: Attack | Tag: SETUP.exe

08:41:18 AM, Aug 14, 2023 (13 sec since previous)
Command executed Processing.vssm.bat
Phase: Attack | Tag: expand

09:19:00 AM, Aug 14, 2023 (37 min 42 sec since previous)
SOC detected suspicious activity
Phase: Response | Tag: SOC

09:21:00 AM, Aug 14, 2023 (2 min since previous)
Laptop isolated from network
Phase: Response | Tag: isolated