If you do a dynamic analysis on the file, you can see it's not making network connections, the URLs you provided are not related. When they ask if the file was quarantined, you can see the processes on the host and that it was running, so the host was infected before the containment.
@ssboxer 1 year ago
Just started LetsDefend (SOC Analyst). I found this highly valuable. 👍🏾
@clintonhoward8518 1 year ago
Thanks for the rundown of a LetsDefend alert. I just purchased a year subscription so I'm glad to see it has a decent UI and structure.
@Micahs0day 1 year ago
Glad to help!
@2kslimey 7 months ago
I learned more from this than most certification courses 😅
@okanceliker7747 2 years ago
Great hands-on practice, Thank you for sharing!
@isaiahrouse4173 1 year ago
I THINK for the "if the malware was quarantined" part, it means did you quarantine, flag, or block the file or other IOCs from being allowed in the future. The initial alert should show it was allowed since there was no control in place stopping it before. Good explanation and content.
@karthikb573 2 years ago
Great analysing plz do more videos it will be helpful
@tedlessor388713 days ago
Thanks bro, I was looking for hands-on training. Good looking out.
@Sir_Zick 3 months ago
The URL is not related to this ransomware attack incident. You can see that the logs that contain the URL have a different date and time from this incident. From threat intelligence, there is no network communication by the ransomware.
@cybercey 1 year ago
Great job man, I really liked to follow you through the process and learned a lot!
@boulilanourelhak9638 1 year ago
This is very informative, keep up the good work.
@fireleather1707 2 years ago
Very helpful, just started on LetsDefend
@matthewsharkey5685 8 months ago
What are you using to copy and paste your notes on? That looks like great help while analysing. I could do with using that myself.
@rakeshnachar570 2 years ago
can u share the links to malware analysis bookmark you created
@opeyemibalogun6486 2 years ago
nice, can you share CompTIA CySA+ practice exam 😄😄?
@Micahs0day 2 years ago
Message me on twitter.
@Listen2Dansoff 4 months ago
GUY IS FULLY COKED OUT
@productsbylizzie 2 years ago
cool stuff!
@johnvardy9559 1 year ago
I play with TryHackMe, do you also recommend LetsDefend? Worth it?