Question 5 of 76 from exam 350-201-CBRCOR: Performing CyberOps Using Cisco Security Technologies

Question

Analysis Report

ID: 28cbee15b1ea4c884edd8470d
Filename: fpzryrtexe
OS: 7601, win7sp1
Magic Type: PE32 executable (GUI) Intel 80386, for MS Windows
Analyzed As: exe
Started: 7/29/16 18:44:43
Ended: 7/29/16 18:50:39
Duration: 0:05:56
Sandbox: phi-work-02 (plot-d)

Warnings

- Executable Failed Integrity Check

Behavioral Indicators

- CTB Locker Detected (Severity: 100, Confidence: 100)
- Generic Ransomware Detected (Severity: 100, Confidence: 95)
- Excessive Suspicious Activity Detected (Severity: 90, Confidence: 100)
- Process Modified a File in a System Directory (Severity: 90, Confidence: 100)
- Large Amount of High Entropy Artifacts Written (Severity: 100, Confidence: 80)
- Process Modified a File in the Program Files Directory (Severity: 80, Confidence: 90)
- Decoy Document Detected (Severity: 70, Confidence: 100)
- Process Modified an Executable File (Severity: 60, Confidence: 100)
- Process Modified File in a User Directory (Severity: 70, Confidence: 80)
- Windows Crash Tool Execution Detected (Severity: 20, Confidence: 80)
- Hook Procedure Detected in Executable (Severity: 35, Confidence: 40)
- Ransomware Queried Domain (Severity: 25, Confidence: 25)
- Executable Imported the IsDebuggerPresent Symbol (Severity: 20, Confidence: 20)

Refer to the exhibit.

Cisco Advanced Malware Protection installed on an end-user desktop has automatically submitted a low prevalence file to the Threat Grid analysis engine for further analysis.

What should be concluded from this report?

Answers

Explanations

A. B. C. D.

C.