We received an alert from Traps (the Cortex XDR agent) reporting a WildFire Malware detection on most of our systems for the file "Wininfo.exe", located under C:\ProgramData\Lenovo\ImController\SystemPluginData\LenovoSystemUpdatePlugin\. Note that the alert action is "Detected (Post Detected)" — the file was flagged after the fact and was not blocked ("block":0), so the detection by itself did not stop the file. Below is a snapshot of the alert from one system; please suggest how to remediate this, and whether there is any impact. CORTEXXDR WildFire Malware High Source:XDR Agent Category:Malware Action:Detected (Post Detected) Host:SS-akhil Username:N/A Starred:No Excluded:No Alert:1240 Incident:123 { "original_alert_json":{ "uuid":"60950e6e927a42679814266964aa8edb", "recordType":"threat", "customerId":"1396903310", "severity":3, "generatedTime":"2021-08-13T09:14:58.439860Z", "originalAgentTime":"2021-08-13T09:14:58.439860Z", "serverTime":"2021-08-13T09:16:28.194296", "isEndpoint":1, "agentId":"8e6737354f7e37f0d7b25c330ebf0c7a", "endPointHeader":{ "osVersion":"10.0.19043", "agentIp":"192.168.0.101", "deviceName":"SS-akhil", "agentVersion":"5.0.6.5109", "contentVersion":"193-67945", "policyTag":"ZWMzNzFjZWEwZThlYjVkYzA5YjZlYWNhMDI0NjlkZTk0OTU2NzgyNTIzM2U2NWQ5ODhmZmM2OTBiNGY5NDk3MjpGYWxzZTpESVNBQkxFRDpMSUNFTlNFXzIwX1BSRVZFTlQ=", "securityStatus":0, "protectionStatus":0, "deviceDomain":"ss.group", "userName":"akhilheda", "userDomain":"ss.group", "userSid":"S-1-5-21-3286644759-2474778216-3316818064-3298", "osType":1, "is64":1, "isVdi":0, "agentId":"8e6737354f7e37f0d7b25c330ebf0c7a", "agentTime":"2021-08-13T09:14:58.439860Z", "tzOffset":0 }, "messageData":{ "eventCategory":"prevention", "moduleId":"COMPONENT_WILDFIRE_POST_DETECTION", "moduleStatusId":"CYSTATUS_MALICIOUS_EXE", "preventionKey":"ee6af308fc1611ebbcfa98fa9b5d3ad5", "processes":[ ], "files":[ { "rawFullPath":"\\\\?\\C:\\ProgramData\\Lenovo\\ImController\\SystemPluginData\\LenovoSystemUpdatePlugin\\session\\Repository\\r0zuj05w\\wininfo.exe", "fileName":"wininfo.exe", "sha256":"3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c", "fileSize":"82432" }, { "rawFullPath":"\\\\?\\C:\\ProgramData\\Lenovo\\ImController\\SystemPluginData\\LenovoSystemUpdatePlugin\\session\\Repository\\r0zuj12w\\wininfo.exe", "fileName":"wininfo.exe", 
"sha256":"3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c", "fileSize":"82432" } ], "users":[ ], "urls":[ ], "postDetected":1, "sockets":[ ], "block":0, "eventParameters":[ "\\\\?\\C:\\ProgramData\\Lenovo\\ImController\\SystemPluginData\\LenovoSystemUpdatePlugin\\session\\Repository\\r0zuj12w\\wininfo.exe", "3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c", "3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c", "1" ], "fileIdx":0, "verdict":1, "preventionMode":"post_detected", "trapsSeverity":3, "profile":"Malware", "description":"WildFire Malware", "cystatusDescription":"Suspicious executable detected", "sourceFile":{ "rawFullPath":"\\\\?\\C:\\ProgramData\\Lenovo\\ImController\\SystemPluginData\\LenovoSystemUpdatePlugin\\session\\Repository\\r0zuj05w\\wininfo.exe", "fileName":"wininfo.exe", "sha256":"3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c", "fileSize":"82432" }, "policyId":"3a2d7cfbae6c4ab39e8ffcd727140573" } }, "internal_id":1240, "external_id":"ee6af308fc1611ebbcfa98fa9b5d3ad5", "severity":"SEV_040_HIGH", "matching_status":"MATCHED", "detection_modules":null, "end_match_attempt_ts":null, "alert_source":"TRAPS", "local_insert_ts":1628846247856, "source_insert_ts":1628846157839, "alert_name":"WildFire Malware", "alert_category":"Malware", "alert_description":"Suspicious executable detected", "bioc_indicator":null, "matching_service_rule_id":null, "attempt_counter":0, "bioc_category_enum_key":null, "alert_action_status":"POST_DETECTED", "case_id":123, "is_whitelisted":false, "starred":false, "deduplicate_tokens":null, "filter_rule_id":null, "mitre_technique_id_and_name":[ "" ], "mitre_tactic_id_and_name":[ "" ], "agent_id":"8e6737354f7e37f0d7b25c330ebf0c7a", "agent_version":"5.0.6.5109", "agent_ip_addresses":[ "192.168.0.101" ], "agent_hostname":"SS-akhil", "agent_device_domain":"ss.group", "agent_fqdn":"SS-akhil.ss.group", "agent_os_type":"AGENT_OS_WINDOWS", "agent_os_sub_type":"10.0.19043", 
"agent_data_collection_status":null, "mac":null, "agent_is_vdi":null, "agent_install_type":"STANDARD", "agent_host_boot_time":null, "event_sub_type":null, "module_id":[ "WildFire post detection" ], "module_name":[ "COMPONENT_WILDFIRE_POST_DETECTION" ], "association_strength":null, "dst_association_strength":null, "story_id":null, "is_disintegrated":null, "event_id":null, "event_type":[ 3 ], "event_timestamp":[ 1628846098439 ], "actor_effective_username":[ "N\/A" ], "actor_process_instance_id":null, "actor_process_image_path":null, "actor_process_image_name":null, "actor_process_command_line":null, "actor_process_signature_status":[ "SIGNATURE_UNAVAILABLE" ], "actor_process_signature_vendor":null, "actor_process_image_sha256":null, "actor_process_image_md5":null, "actor_process_causality_id":null, "actor_causality_id":null, "actor_process_os_pid":null, "actor_thread_thread_id":null, "actor_process_execution_time":null, "causality_actor_process_image_name":null, "causality_actor_process_command_line":null, "causality_actor_process_image_path":null, "causality_actor_process_instance_id":null, "causality_actor_process_os_pid":null, "causality_actor_process_signature_vendor":null, "causality_actor_process_signature_status":[ "SIGNATURE_UNAVAILABLE" ], "causality_actor_causality_id":null, "causality_actor_process_execution_time":null, "causality_actor_process_image_md5":null, "causality_actor_process_image_sha256":null, "action_file_path":[ "\\\\?\\C:\\ProgramData\\Lenovo\\ImController\\SystemPluginData\\LenovoSystemUpdatePlugin\\session\\Repository\\r0zuj12w\\wininfo.exe" ], "action_file_name":[ "wininfo.exe" ], "action_file_md5":null, "action_file_sha256":[ "3ae8462769a4d5012b66af226a196bb12571c72a231b66f07afcc838e878045c" ], "action_file_macro_sha256":null, "action_registry_data":null, "action_registry_key_name":null, "action_registry_value_name":null, "action_registry_full_key":null, "action_local_ip":null, "action_local_port":null, "action_remote_ip":null, 
"action_remote_port":null, "action_external_hostname":null, "action_country":[ "UNKNOWN" ], "action_process_instance_id":null, "action_process_causality_id":null, "action_process_image_name":null, "action_process_image_sha256":null, "action_process_image_command_line":null, "action_process_signature_status":[ "SIGNATURE_UNAVAILABLE" ], "action_process_signature_vendor":null, "action_process_image_path":null, "action_process_image_md5":null, "action_process_os_pid":null, "os_actor_effective_username":null, "os_actor_process_instance_id":null, "os_actor_process_image_path":null, "os_actor_process_image_name":null, "os_actor_process_command_line":null, "os_actor_process_signature_status":[ "SIGNATURE_UNAVAILABLE" ], "os_actor_process_signature_vendor":null, "os_actor_process_image_md5":null, "os_actor_process_image_sha256":null, "os_actor_process_causality_id":null, "os_actor_causality_id":null, "os_actor_process_os_pid":null, "os_actor_thread_thread_id":null, "os_actor_process_execution_time":null, "fw_app_id":null, "fw_interface_from":null, "fw_interface_to":null, "fw_rule":null, "fw_rule_id":null, "fw_device_name":null, "fw_serial_number":null, "fw_url_domain":null, "fw_email_subject":null, "fw_email_sender":null, "fw_email_recipient":null, "fw_app_subcategory":null, "fw_app_category":null, "fw_app_technology":null, "fw_vsys":null, "fw_xff":null, "fw_misc":null, "fw_is_phishing":[ "NOT_AVAILABLE" ], "dst_agent_id":null, "dst_causality_actor_process_execution_time":null, "dns_query_name":null, "dst_action_external_hostname":null, "dst_action_country":null, "dst_action_external_port":null, "is_pcap":null, "contains_featured_host":[ "NO" ], "contains_featured_user":[ "NO" ], "contains_featured_ip":[ "NO" ], "image_name":null, "container_id":null, "cluster_name":null, "remote_cid":null, "events_length":1, "is_excluded":false }