#32398 Threat | P1 | SentinelOne Unmitigated Suspicious Threat @ Bank of Montana
New-Blumira
Created Feb 11, 2025, 12:07 PM
System (internal)
Feb 11, 2025, 12:07 PM
Check-in (internal)
Feb 11, 2025, 12:07 PM
Threat | P1 | SentinelOne Unmitigated Suspicious Threat @ Bank of Montana

Blumira has detected SentinelOne Unmitigated Suspicious Threat for Bank of Montana on 2025-02-11 05:05AM MST and triggered action Create Priority 1 Threat for Responders.

Analysis: A Malware and Cryptominer threat has been alerted on by SentinelOne on BOM-SysAdmin with the logged in user for activity related to AutoHotkey_2.0.19_setup.exe, AutoHotkeyA32.exe, Unicode 32-bit.bin, and 1 other.

The threat detection details include:

- File can monitor clipboard content
- The majority of sections in this PE have high entropy, a sign of obfuscation or packing
- This binary imports functions used to raise kernel exceptions
- and 9 others

Finding ID: F-25-06-E9D4
Finding Data Source: SentinelOne Activities

Replying to this email does not open a ticket or notify the support team. Please email [email protected] or comment within the Finding.

[Learn More](https://app.blumira.com/35f9513a-d9d8-4db6-be0b-36df543b1591/query/findings/e9d4695e-d162-4adf-b769-a8637ae761ba)
Ticket Automation (internal)
Feb 11, 2025, 12:07 PM
Automation Blumira ran on this ticket. Actions: Change Status to New-Blumira
| Started | Ended | Hours | Notes |
|---|---|---|---|
| No time entries | | | |