hxxp://_time[:] 2023-06-30 21[:]44[:]11 action[:] allowed category[:] NGAV command[:] "C[:]\Program Files\Nuix\Nuix 9[.]6\bin\nuix_single_worker[.]exe" --add-exports=java[.]base/jdk[.]internal[.]loader=ALL-UNNAMED -Xmx68110m -Dlog4j[.]configurationFile=file[://]/C[:]/Program%20Files/Nuix/Nuix%209[.]6/conf<TRUNCATED> description[:] A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files[.] Detection is based on a high degree of entropy, packing, anti-malware evasion, or <TRUNCATED> dest[:] CNNDCNWRP002 dest_ip[:] 10[.]18[.]33[.]6 dns_requests[:] null documents_accessed[:] ['3202[.]xml', '4fbe[.]xml', '661e[.]xml', 'c9ee[.]xml', 'd6a6[.]xml'] executables_written[:] ['WindowsNativeCall_x64[.]dll', 'document[.]pdf 15339179994694132142[.]exe', 'dxl-binary-element17305282879490984986', 'dxl-binary-element653976993<TRUNCATED> falcon_id[:] ldt[:]e4938f319e4f466580e1208f30a8dd90[:]193275626266 file_hash[:] ecde77975ff4bb075f53705ce7c8febbcb5984a499a5366612638815b94a4b01 file_name[:] nuix_single_worker[.]exe first_time[:] 2023-06-30 21[:]44[:]11 ioc_type[:] hash_sha256 ioc_value[:] 2d04cc0a5c5be7789cd18331a6c874c99c17e98cba316f1247050cada13863e1 remote_ip[:] null risk_message[:] CrowdStrike event on CNNDCNWRP002[.] A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files[.] Detection is based on a high degree of entropy,<TRUNCATED> risk_score[:] 80 search_name[:] RSK-148[:] CrowdStrike Detection Event src[:] null user[:] H355227A vendor_severity[:] high

Sharing

Target

http://_time: 2023-06-30 21:44:11 action: allowed category: NGAV command: "C:\Program Files\Nuix\Nuix 9.6\bin\nuix_single_worker.exe" --add-exports=java.base/jdk.internal.loader=ALL-UNNAMED -Xmx68110m -Dlog4j.configurationFile=file:///C:/Program%20Files/Nuix/Nuix%209.6/conf<TRUNCATED> description: A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files. Detection is based on a high degree of entropy, packing, anti-malware evasion, or <TRUNCATED> dest: CNNDCNWRP002 dest_ip: 10.18.33.6 dns_requests: null documents_accessed: ['3202.xml', '4fbe.xml', '661e.xml', 'c9ee.xml', 'd6a6.xml'] executables_written: ['WindowsNativeCall_x64.dll', 'document.pdf 15339179994694132142.exe', 'dxl-binary-element17305282879490984986', 'dxl-binary-element653976993<TRUNCATED> falcon_id: ldt:e4938f319e4f466580e1208f30a8dd90:193275626266 file_hash: ecde77975ff4bb075f53705ce7c8febbcb5984a499a5366612638815b94a4b01 file_name: nuix_single_worker.exe first_time: 2023-06-30 21:44:11 ioc_type: hash_sha256 ioc_value: 2d04cc0a5c5be7789cd18331a6c874c99c17e98cba316f1247050cada13863e1 remote_ip: null risk_message: CrowdStrike event on CNNDCNWRP002. A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files. Detection is based on a high degree of entropy,<TRUNCATED> risk_score: 80 search_name: RSK-148: CrowdStrike Detection Event src: null user: H355227A vendor_severity: high