This email is to inform you that ticket 3573663 has been marked completed and will be closed in one day.
Should you feel that this ticket has not been resolved satisfactorily, please let us know how we may assist by replying to this email or calling 212-507-9420.
Dear IH-Atlantic_Stonehenge Advisors,
A ticket has been created with the following details:
Account Name: Atlantic_Stonehenge Advisors
Ticket ID: 365645
Priority: High
Subject: High - SentinelOne Threat - Stonehenge Advisors, Inc - Advanced_IP_Scanner_2.5.4594.1.exe - 06/26/26
Description: EDR: Advanced_IP_Scanner_2.5.4594.1.exe
Customer: Stonehenge Advisors, Inc
Detected: 2026-06-26 10:22:42 UTC-04
Priority: High
Source: SentinelOne
Threat Status: Mitigated - Contained by SOC
kill: success
quarantine: failed
Alert Link: EDR Alert
Executive Summary (AI-Assisted)
A signed Advanced IP Scanner installer (publisher FAMATECH CORP., signature verified) was detected in the Downloads folder of LYN-DT-CONCH, a desktop used by LYNDON. SentinelOne killed the process, but the file quarantine failed and the agent's mitigation status is still not_mitigated, so the binary should be assumed to remain on disk until its removal is confirmed; the alert remains unresolved in the console. The ticket is rated High because Advanced IP Scanner, although a legitimate administration tool, is routinely used for network discovery during intrusions. Business impact is limited if no lateral activity followed, but if the tool was run it can have exposed internal hosts and services to whoever launched it.
SOC Response Actions
Actions the SOC performed (or attempted). Follow this link for further information on Use Case #5 and Use Case #6.
| Action | Status |
| --- | --- |
| LYN-DT-CONCH, no full disk scan command was sent. | Not Configured |
| LYN-DT-CONCH, endpoint was not isolated from the network. | Not Configured |
Recommended Remediation
- Containment: Isolate endpoint 'LYN-DT-CONCH' (192.168.128.137) from the network immediately to prevent lateral movement and external connections. The SOC response table shows network isolation was not configured for this tenant, so this step has not yet been taken.
- Eradication: The SentinelOne quarantine action failed, so the file is likely still present. Remove 'Advanced_IP_Scanner_2.5.4594.1.exe' from 'C:\Users\LYNDON\Downloads' on 'LYN-DT-CONCH', uninstall Advanced IP Scanner if the installer was already run, and delete the file by SHA256 '26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b' from all backups and file stores.
- Eradication: The originating process was 'chrome.exe' under user 'LYN-DT-CONCH\LYNDON', which indicates the file was downloaded through the browser rather than dropped by another program. Terminate any running instances of the originating process and of the downloaded binary, and reset the user's authentication token(s) by forcing a session/token revocation.
- Hardening: Ensure application execution control is in place. Note that this binary is signed and verified (publisher FAMATECH CORP.), so a rule that blocks only unsigned installers would not have stopped it; block execution of non-approved installers, signed or not, from user Downloads folders, and enforce least privilege for standard users so they cannot install administrative tools.
- Hardening: Restrict use of network scanning tools via an application allowlist keyed on publisher and hash rather than file name (the tool can be renamed), and update endpoint protection policies to block or quarantine known hacktools that SentinelOne classifies as 'Malware' with 'suspicious' confidence.
Key Details
Threat Classification: Malware
Endpoint Name: LYN-DT-CONCH
Detection Engine: On-Write DFI - Suspicious
Endpoint IP Address: 192.168.128.137
File Path: \Device\HarddiskVolume3\Users\LYNDON\Downloads\Advanced_IP_Scanner_2.5.4594.1.exe
Site Name: Stonehenge Advisors
File Hash: 26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b
Group Name: Stonehenge Advisors Inc - LYNDON KPG-MCG Curtis Tenant LLC
File Publisher Name: FAMATECH CORP.
SentinelOne Mitigation Policy: protect
File Publisher Signed & Verified: Signed, Verified
SentinelOne Mitigation Status: not_mitigated
Command Line: (none recorded)
SOC Findings
Threat Intelligence & Reputation
VirusTotal
26d5748f...593c193b
Malicious
File hash detected by 2 security engines. Classified under the meaningful name Advanced_IP_Scanner_2.5.4594.1.exe.
Hybrid-Analysis
26d5748f...593c193b
Malicious
File hash detected by 3 security engines. Classified under the meaningful name Advanced_IP_Scanner_2.5.4594.1.exe.
Indicators of Compromise
- The threat indicator is the presence of 'Advanced IP Scanner' on the endpoint. This tool scans a network and enumerates connected devices, shares and services. Administrators use it legitimately, but it is also a standard reconnaissance tool for intruders, so its appearance in a user's Downloads folder should be treated as unauthorized until the user or their manager confirms a business reason, and its execution history (whether it was actually run, and against which ranges) should be checked.
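As an added example, not part of the SOC report or of any SentinelOne feature, the following PowerShell hunt implements the eradication steps from Recommended Remediation and the IOC check from this section on a Windows endpoint: it searches user profiles for the flagged binary by SHA256 and by product name, records the Authenticode signature and publisher so the "signed and verified" finding can be confirmed first-hand, checks whether the tool was already installed, and deletes the file only when -Remove is passed. The hash and file name are taken from the ticket; the search roots, parameter names, the registry locations checked and the choice to skip locked files are assumptions made for this example.

```powershell
# Added example (not from the SOC report): hunt for the flagged Advanced IP Scanner
# binary on a Windows endpoint by SHA256 and product name, and record its signature.
# Assumptions: run from an elevated shell (locally or via the EDR/RMM remote shell);
# the IOC hash comes from the ticket; nothing is deleted unless -Remove is given.
param(
    [string]$IocSha256 = '26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b',
    [string[]]$SearchRoots = @('C:\Users'),   # assumed: all user profiles, not just LYNDON
    [switch]$Remove
)

$findings = @()
# Executables and installers under every profile; -Recurse covers Downloads and anywhere
# the file may have been moved to.
$candidates = Get-ChildItem -Path $SearchRoots -Recurse -File -Include *.exe, *.msi `
                            -ErrorAction SilentlyContinue

foreach ($f in $candidates) {
    try {
        $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash.ToLower()
    } catch {
        continue   # locked or inaccessible file: skip it rather than abort the hunt
    }

    # Match the exact IOC hash, and also the product name so a renamed or newer copy
    # of the same tool is not missed.
    $isIoc     = ($hash -eq $IocSha256.ToLower())
    $isScanner = ($f.Name -like 'Advanced_IP_Scanner*' -or
                  $f.VersionInfo.ProductName -like 'Advanced IP Scanner*')
    if (-not ($isIoc -or $isScanner)) { continue }

    # The ticket says the file is signed and verified; confirm that here. A Valid status
    # with a FAMATECH CORP. subject means "block unsigned binaries" would not have helped.
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $findings += [pscustomobject]@{
        Path      = $f.FullName
        Sha256    = $hash
        HashMatch = $isIoc
        SigStatus = $sig.Status      # Valid / NotSigned / HashMismatch / UnknownError
        Publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Owner     = (Get-Acl -Path $f.FullName).Owner
        LastWrite = $f.LastWriteTimeUtc
    }

    if ($Remove -and $isIoc) {
        # Quarantine failed in the ticket, so remove the exact IOC file ourselves,
        # after its details have been recorded above.
        Remove-Item -Path $f.FullName -Force
    }
}

# The installer may already have been run: check machine-wide uninstall entries.
# (Per-user installs under HKCU of other accounts are not covered here.)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
             Where-Object { $_.DisplayName -like 'Advanced IP Scanner*' } |
             Select-Object DisplayName, DisplayVersion, InstallLocation, UninstallString

$findings  | Format-Table -AutoSize
$installed | Format-Table -AutoSize
```

Run it once without -Remove to capture the evidence (path, owner, timestamp, signature) for the ticket, then again with -Remove once the SOC has confirmed the endpoint is isolated. The Publisher column is also what an AppLocker or WDAC publisher rule should key on when the allowlist is tightened, since a name- or path-based rule is defeated by renaming the file.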
Cross-Service Intelligence
Below is additional context from other services subscribed to by the customer.
| Service | Source | Relevant Insight | Reference |
| --- | --- | --- | --- |
| ES | N/A | No relevant tools configured for enrichment. | |
Need help or want us to take additional actions? Reply to this ticket and the SOC will assist.
You can view all details here: 365645 (https://desk.cyflare.cloud/portal/ticket/365645)