Elitestore

  1. So upon further self-examination, I remembered to check Windows Task Scheduler and I did find an entry there that was set to invoke wscript every 2 minutes in an attempt to run the payload script file (which I uploaded originally). I deleted that entry. I then found a very small .iso file in the client's Download folder so I must assume they received it via an email attachment and then opened it. I am attaching that iso file to this msg. A paid Malwarebytes Premium is running on the client computer so maybe it somewhat thwarted the infection but I am sorely disappointed that it is not detecting the payload files. At this time, I don't see a need to run any more diagnostic or logging tools but I hope you (or someone) reviews the iso payload and can help get this type of attack "detected". Thanks. NRPQN-677.zip
  2. An annoying popup message (jpg included in the zip upload) that I cannot get rid of led me to a Google search (https://www.joesandbox.com/analysis/489337/0/iochtml) that pointed me to look into the C:\Users\Public folder where I found two files that are suspicious. Infection 9-17-21.zip