ATTACK INFORMATION
ANDRE: a1bab5c7-166a-466d-9226-e37d9eb3c369
evader
infostealer
Malware Family: Nova
GENERAL DETAILS
Incident ID: a1bab5c7-166a-466d-9226-e37d9eb3c369
Analysis Time: 8/2/2024, 7:21:56 AM
Client Version: 88.41.1002
PC Name: ANDRE
Machine Type: VirtualMachine
OS: Windows 10
Machine Roles: Microsoft Print to PDF, Microsoft XPS Document Writer, Windows Search, Remote Differential Compression API Support, Work Folders Client, Print and Document Services, Windows Fax and Scan, Internet Printing Client, Windows PowerShell 2.0, Windows PowerShell 2.0 Engine, .NET Framework 4.7 Advanced Services, WCF Services, TCP Port Sharing, Media Features, Windows Media Player, SMB Direct, Internet Explorer 11
Domain:
IP Address: 192.168.37.135
User Name: ANDRE\IEUser
User SID: S-1-5-21-321011808-3761883066-353627080-1000
Logon Time: 8/1/2024, 10:18:05 AM
Logon Type: Local
Remote PC: N/A
Remote IP: N/A
DETECTION DETAILS
Description: Clipper is Malwarebytes' generic detection name for a type of Trojan that tries to steal currencies from the affected system by stealing or manipulating the data on the Windows clipboard.
Protection Name: infostealer.win.clipper.a
Trigger Matched: c:\windows\system32\reg.exe
Trigger Time: 8/2/2024, 7:21:31 AM
Trigger Actual: PID: 12676, Creation Time: 1722583286080
Trigger Type: Process
Trigger Process: c:\windows\system32\reg.exe
Trigger PID: 12676
Trigger Args: ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v svchost /t REG_SZ /d C:\Users\IEUser\AppData\Local\Microsoft\Windows\0\svchost.exe /f
Trigger App: Endpoint Behavioral Guard
Trigger Rep: Trusted
Trigger MD5: 8a93acac33151793f8d52000071c0b06
Mode: Prevent
Confidence: High
Severity: High
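The trigger above is worth reading closely: the process that fired the detection is reg.exe, a signed Windows binary with a Trusted reputation, so the verdict rests entirely on its arguments, which register an executable named svchost.exe living under the user's AppData as an HKCU Run autostart entry (a Run-key persistence pattern). The Python below is an added example, not part of the report or of the vendor's detection logic: it parses a reg.exe ADD command line the way an analyst would triage it, confirms the target is an autostart key, extracts the payload path and flags the two signals present here (payload in a user-writable directory; a system-process name outside System32, both in the file name and in the value name). It also decodes the epoch-millisecond Creation Time from the Trigger Actual field. The heuristics, the system-binary list and the BENIGN_ARGS command line are assumptions constructed for illustration; the trigger values are copied from the report.

```python
import re
from datetime import datetime, timedelta, timezone

# Values copied from the report's Trigger Process / Trigger Args / Trigger Actual fields.
TRIGGER_PROCESS = r"c:\windows\system32\reg.exe"
TRIGGER_ARGS = (
    r'ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v svchost /t REG_SZ '
    r'/d C:\Users\IEUser\AppData\Local\Microsoft\Windows\0\svchost.exe /f'
)
TRIGGER_ACTUAL = "PID: 12676, Creation Time: 1722583286080"

# Constructed benign counterpart (not from the report): a product in Program Files
# registering itself under the same Run key. Used to show the heuristics stay quiet.
BENIGN_ARGS = (
    r'ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Contoso '
    r'/t REG_SZ /d "C:\Program Files\Contoso\Contoso.exe" /f'
)

TOKEN = re.compile(r'"[^"]*"|\S+')                      # quoted token or bare token
AUTORUN_KEYS = re.compile(                               # key path with hive stripped
    r"^software\\(wow6432node\\)?microsoft\\windows\\currentversion\\"
    r"(run|runonce|runservices|policies\\explorer\\run)$"
)
USER_WRITABLE = re.compile(r"^[a-z]:\\(users\\[^\\]+\\|programdata\\|windows\\temp\\|temp\\)", re.I)
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\[^\\]+$", re.I)
EXE_PATH = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|ps1|vbs|js))(?=\s|$)", re.I)
# Assumed list of process names commonly impersonated by malware (illustrative, not exhaustive).
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
    "explorer.exe", "wininit.exe", "spoolsv.exe", "dllhost.exe", "conhost.exe", "rundll32.exe",
}


def parse_reg_add(args):
    """Parse 'reg ADD <key> [/v name] [/t type] [/d data] [/f]' into a dict, or None."""
    tokens = TOKEN.findall(args)
    if len(tokens) < 2 or tokens[0].upper() != "ADD":
        return None
    hive, _, key_path = tokens[1].strip('"').partition("\\")
    opts, i = {}, 2
    while i < len(tokens):
        switch = tokens[i].lower()
        if switch in ("/v", "/t", "/d", "/s") and i + 1 < len(tokens):
            opts[switch] = tokens[i + 1].strip('"')   # switches that take an argument
            i += 2
        else:
            opts[switch] = True                         # /f, /ve, /reg:64 ...
            i += 1
    return {"hive": hive.upper(), "key": key_path, "value": opts.get("/v"),
            "type": opts.get("/t"), "data": opts.get("/d", ""), "force": "/f" in opts}


def extract_exe(data):
    """Return the executable path from Run-key data, dropping trailing arguments."""
    m = EXE_PATH.match(data)
    return m.group(1) if m else (data.split()[0] if data else "")


def assess_reg_add(process, args):
    """Triage a reg.exe command line: is it autostart persistence, and does it look hostile?"""
    verdict = {"autorun": False, "suspicious": False, "indicators": []}
    if not process.lower().endswith("\\reg.exe"):
        return verdict
    parsed = parse_reg_add(args)
    if parsed is None or not AUTORUN_KEYS.match(parsed["key"].lower()):
        return verdict
    exe = extract_exe(parsed["data"])
    name = exe.rsplit("\\", 1)[-1].lower()
    indicators = []
    if USER_WRITABLE.match(exe):
        indicators.append("payload in user-writable path")       # weak on its own
    masquerade = name in SYSTEM_BINARIES and not SYSTEM_DIRS.match(exe)
    if masquerade:
        indicators.append(f"{name} outside System32/SysWOW64")   # strong
    if parsed["value"] and (parsed["value"].lower() + ".exe") in SYSTEM_BINARIES:
        indicators.append("value name mimics a system process")
    verdict.update(autorun=True, key=f'{parsed["hive"]}\\{parsed["key"]}',
                   value=parsed["value"], payload=exe, indicators=indicators,
                   suspicious=masquerade or len(indicators) >= 2)
    return verdict


def decode_trigger_actual(text):
    """Split 'PID: n, Creation Time: <epoch ms>' into (pid, aware UTC datetime)."""
    m = re.search(r"PID:\s*(\d+),\s*Creation Time:\s*(\d+)", text)
    pid, ms = int(m.group(1)), int(m.group(2))
    ts = datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)
    return pid, ts


if __name__ == "__main__":
    for label, args in (("trigger", TRIGGER_ARGS), ("constructed benign", BENIGN_ARGS)):
        print(label, assess_reg_add(TRIGGER_PROCESS, args))
    print(decode_trigger_actual(TRIGGER_ACTUAL))
```

Run against the report's own values, the trigger command line yields three indicators and a suspicious verdict, while the constructed Program Files entry yields none; a payload under AppData alone is deliberately treated as a weak signal, since legitimate per-user installers also register Run entries there. The Creation Time decodes to 2024-08-02 07:21:26 UTC, five seconds before the Trigger Time of 7:21:31 AM shown above when that value is read as UTC.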
EMAIL DETAILS
Attachment: N/A - Could not be traced back to an email
Subject:
Email ID:
From:
To:
ATTACK STATS
Remote (RDP) logons: 0
Malicious connections: 0
Suspicious connections: 0
Unclassified connections: 1
Malicious processes: 0
Suspicious processes: 1
Unclassified processes: 1
Unsigned processes: 2
Script processes: 1
Windows OS processes: 7
Malicious files: 0
Suspicious files: 4