#32357 Threat | P1 | SentinelOne Unmitigated Suspicious Threat @ Bank of Montana

New-Blumira Created Feb 10, 2025, 12:06 PM
System (internal) Feb 10, 2025, 12:06 PM
Created from Lead: https://artichoke.shield.syncromsp.com/leads/30454830/convert
Check-in (internal) Feb 10, 2025, 12:06 PM

Threat | P1 | SentinelOne Unmitigated Suspicious Threat @ Bank of Montana

Blumira has detected SentinelOne Unmitigated Suspicious Threat for Bank of Montana on 2025-02-10 05:05AM MST and triggered action Create Priority 1 Threat for Responders.

Analysis:

A Malware and Cryptominer threat has been alerted on by SentinelOne on BOM-SysAdmin with the logged-in user for activity related to AutoHotkey_2.0.19_setup.exe, AutoHotkeyA32.exe, Unicode 32-bit.bin, and 1 other.

The threat detection details include:

File can monitor clipboard content; The majority of sections in this PE have high entropy, a sign of obfuscation or packing; This binary imports functions used to raise kernel exceptions; and 9 others

Finding ID: F-25-06-89EF

Finding Data Source: SentinelOne Activities

Replying to this email does not open a ticket or notify the support team. Please email [email protected] or comment within the Finding.

[Learn More](https://app.blumira.com/35f9513a-d9d8-4db6-be0b-36df543b1591/query/findings/89ef2e09-a5ec-4990-96c8-397ebbc580cf)

Ticket Automation (internal) Feb 10, 2025, 12:06 PM
Automation Blumira ran on this ticket. Actions: Change Status to New-Blumira