T1204.002 User Execution: Malicious File
T1105 Ingress Tool Transfer
T1071.001 Application Layer Protocol: Web Protocols
T1486 Data Encrypted for Impact
Malware activity was detected on endpoint 10.15.15.18 involving execution of the file Invoice.exe. The file's MD5 hash f83fb9ce6a83da58b20685c1d7e1e546 was identified as malicious and associated with Maze ransomware.
The SOC104 Malware Detected alert was triggered for Invoice.exe. The device action was Allowed, meaning the endpoint agent did not block the file and it executed on the host. VirusTotal classified the file as Maze ransomware. Log review confirmed an outbound network connection from 10.15.15.18 to 92.63.8.47, an IP address also flagged as infrastructure linked to Maze ransomware. A hash match alone shows that a malicious file was present; the outbound connection from the same host after execution is what indicates command-and-control communication and an active infection rather than a blocked or dormant sample.
Event Time: Dec 01 2020 10:23 AM
Alert Closed: Jan 22 2026 10:01 AM
Endpoint: 10.15.15.18
Malicious File: Invoice.exe
MD5: f83fb9ce6a83da58b20685c1d7e1e546
Destination IP: 92.63.8.47
Event ID: 36
Rule: SOC104 Malware Detected
The file Invoice.exe was identified as Maze ransomware based on hash reputation and threat-intelligence correlation. The confirmed outbound connection to known Maze infrastructure, occurring after an allowed execution, strengthens the assessment from "malicious file present" to active compromise. The endpoint was contained (isolated from the network) and escalated for remediation and cleanup to prevent encryption impact and lateral movement. The alert was determined to be a True Positive.
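The triage logic described above (hash hit, check whether the device action was Allowed, then look for a follow-on connection from the same host to known C2 infrastructure) can be expressed as a small correlation routine. The following is an added example, not part of the original case notes or of any vendor tooling. The MD5 and destination IP are the indicators listed in this case; the event records, field names and timestamps are constructed to resemble EDR and proxy telemetry and are not real logs.

```python
"""Correlate a malware-hash hit with follow-on network activity from the same host.

Added example for this case write-up; the indicator values come from the case,
the event records below are constructed sample telemetry, not real logs.
"""
from datetime import datetime, timedelta

# Indicators taken from the case notes.
MALICIOUS_MD5 = {"f83fb9ce6a83da58b20685c1d7e1e546": "Maze ransomware"}
MALICIOUS_IPS = {"92.63.8.47": "Maze-linked infrastructure"}

# Constructed sample events (not from the page). One allowed execution on the
# alerting host followed by a C2 connection and some unrelated traffic, plus a
# second host where the same hash was blocked by the endpoint agent.
SAMPLE_EVENTS = [
    {"ts": "2020-12-01T10:23:00", "host": "10.15.15.18", "type": "process",
     "image": "Invoice.exe", "md5": "f83fb9ce6a83da58b20685c1d7e1e546",
     "action": "allowed"},
    {"ts": "2020-12-01T10:23:41", "host": "10.15.15.18", "type": "network",
     "dst_ip": "92.63.8.47", "dst_port": 443},
    {"ts": "2020-12-01T10:25:10", "host": "10.15.15.18", "type": "network",
     "dst_ip": "203.0.113.10", "dst_port": 443},  # constructed benign destination
    {"ts": "2020-12-01T11:02:00", "host": "10.15.15.44", "type": "process",
     "image": "Invoice.exe", "md5": "f83fb9ce6a83da58b20685c1d7e1e546",
     "action": "blocked"},
]


def triage(events, c2_window_seconds=1800):
    """Return one finding per process event whose hash is a known IOC.

    verdict values:
      'blocked'               hash matched but the agent blocked execution
      'executed_no_c2_seen'   executed; no connection to a known IOC IP observed
      'executed_c2_confirmed' executed and the same host reached a known IOC IP
                              within c2_window_seconds afterwards (active compromise)
    """
    window = timedelta(seconds=c2_window_seconds)
    parsed = sorted((dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events),
                    key=lambda e: e["ts"])
    findings = []
    for ev in parsed:
        if ev["type"] != "process" or ev.get("md5") not in MALICIOUS_MD5:
            continue
        finding = {"host": ev["host"], "image": ev["image"], "md5": ev["md5"],
                   "family": MALICIOUS_MD5[ev["md5"]], "c2": []}
        # Device action matters: a blocked file never ran, so no C2 is expected
        # and the host is not treated as compromised.
        if ev["action"] != "allowed":
            finding["verdict"] = "blocked"
            findings.append(finding)
            continue
        # Only connections from the same host, after execution, inside the window.
        for net in parsed:
            if (net["type"] == "network" and net["host"] == ev["host"]
                    and ev["ts"] <= net["ts"] <= ev["ts"] + window
                    and net["dst_ip"] in MALICIOUS_IPS):
                finding["c2"].append(net["dst_ip"])
        finding["verdict"] = ("executed_c2_confirmed" if finding["c2"]
                              else "executed_no_c2_seen")
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['host']} {f['image']} ({f['family']}): {f['verdict']} {f['c2']}")
```

The window parameter is deliberately short; a connection to known infrastructure hours after an unrelated execution should be investigated on its own rather than attributed to this file. The unrelated 203.0.113.10 connection is ignored because it is not in the IOC set, which is the point of correlating against intelligence rather than flagging all post-execution traffic.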