Composite behavior identifying authenticated SMB access to IPC$ and data shares followed by a file overwrite operation creating MyWallet.exe. The sequence indicates remote delivery and staging of a Windows executable over SMB, consistent with lateral movement or payload deployment activity using administrative share access.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 98.16.34.185 | 97% | 113 | 89 | 🇺🇸 US | AS7029 | 2026-02-20 |