Investigating IOCs

Scenario 1

Your incident response team has quarantined a suspicious bin file. The team thinks it is a ransomware variant. Investigate and create indicators for the file.

You can find the shellcode under C:\Users\Jon\Documents\Scenarios\Scenario 1

Scenario 2

You have been assigned to analyze this week's quarantined files. The file is thought to be an unknown trojan or a new strain of the Emotet malware. Investigate and create indicators for the file.

You can find the shellcode under C:\Users\Jon\Documents\Scenarios\Scenario 2

Read the scenarios above and complete both investigations.

What is the name of the file from Scenario 1?

What is the size of the file from Scenario 1 in bytes?

What is the size on disk of the file from Scenario 1 in bytes?

What is the MD5 hash of the file from Scenario 1?

What is the name of the file from Scenario 2?

What is the size of the file from Scenario 2 in bytes?

What is the size on disk of the file from Scenario 2 in bytes?

What is the MD5 hash of the file from Scenario 2?

Create IOCs for both files using IOCe.
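The questions above all come down to the same routine: record the file's name, logical size, size on disk and MD5 hash, then package those values as indicators. The script below is an added example, not part of the lab or of IOCe itself. It computes the answers for any file and emits them in the OpenIOC 1.0 XML layout that IOCe (Mandiant's IOC Editor) reads, so the result can be opened and refined there. Assumptions: an NTFS volume with 4 KiB clusters (size on disk is the logical size rounded up to whole clusters, which is why the two size questions have different answers), the `FileItem/*` term names used in the XML, and a constructed stand-in sample file in place of the real quarantined binaries under `C:\Users\Jon\Documents\Scenarios`.

```python
import hashlib
import math
import os
import tempfile
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumption: NTFS with 4 KiB clusters. "Size on disk" is the logical size
# rounded up to whole clusters, which is why it differs from the byte count.
CLUSTER_SIZE = 4096


def hash_file(path):
    """Stream the file so large samples never have to fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def file_indicators(path, cluster_size=CLUSTER_SIZE):
    """Answer the scenario questions: name, size, size on disk, MD5 (plus SHA-256)."""
    size = os.path.getsize(path)
    md5, sha256 = hash_file(path)
    return {
        "name": os.path.basename(path),
        "size": size,
        "size_on_disk": math.ceil(size / cluster_size) * cluster_size,
        "md5": md5,
        "sha256": sha256,
    }


def build_openioc(ind, short_description, author="IR team"):
    """Render the indicators as an OpenIOC 1.0 document (the format IOCe edits).

    Items are ORed: a file matching any one of hash, name or size is flagged.
    The hash is the strong indicator; name and size are trivial to change, so
    on their own they mostly serve to catch unmodified copies.
    The FileItem/* search terms are assumed from the OpenIOC 1.0 term list.
    """
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    ioc = ET.Element("ioc", xmlns="http://schemas.mandiant.com/2010/ioc",
                     id=str(uuid.uuid4()))
    ioc.set("last-modified", now)
    ET.SubElement(ioc, "short_description").text = short_description
    ET.SubElement(ioc, "description").text = f"Indicators for quarantined file {ind['name']}"
    ET.SubElement(ioc, "authored_by").text = author
    ET.SubElement(ioc, "authored_date").text = now
    ET.SubElement(ioc, "links")
    definition = ET.SubElement(ioc, "definition")
    top = ET.SubElement(definition, "Indicator", operator="OR", id=str(uuid.uuid4()))

    items = [
        ("FileItem/Md5sum", "md5", ind["md5"]),
        ("FileItem/Sha256sum", "sha256", ind["sha256"]),
        ("FileItem/FileName", "string", ind["name"]),
        ("FileItem/SizeInBytes", "int", str(ind["size"])),
    ]
    for search, ctype, value in items:
        item = ET.SubElement(top, "IndicatorItem", id=str(uuid.uuid4()), condition="is")
        ET.SubElement(item, "Context", document="FileItem", search=search, type="mir")
        ET.SubElement(item, "Content", type=ctype).text = value
    return ET.tostring(ioc, encoding="unicode")


def write_sample(data, name, directory=None):
    """Write a constructed sample file so the script runs offline."""
    directory = directory or tempfile.mkdtemp()
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed stand-in for the quarantined file; on the lab machine point
    # file_indicators() at the real sample under the Scenario folder instead.
    sample = write_sample(b"MZ" + b"\x90" * 5000, "suspicious.bin")
    ind = file_indicators(sample)
    for key, value in ind.items():
        print(f"{key}: {value}")
    print(build_openioc(ind, "Scenario 1 suspected ransomware"))
```

Save the printed XML with a `.ioc` extension and open it in IOCe to add further items (mutexes, registry keys, network indicators) as the investigation turns them up. When comparing your answers against the lab machine, remember that Windows Explorer reports "size on disk" in cluster units of the actual volume, so the 4 KiB assumption only holds for a default-formatted NTFS drive.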
