Alert Details - DeFender X

Alert Information High

Alert ID: ind:024efd237c2d4f87958607652cb04c8b:26741666350-10163-3366160
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:024efd237c2d4f87958607652cb04c8b:26741666350-10163-3366160
설명: A PowerShell script attempted to bypass Microsoft's AntiMalware Scan Interface (AMSI). PowerShell exploit kits often attempt to bypass AMSI to evade detection. Review the script.
호스트: BOOK-R0BE6S1NC3
상태: new
생성 시간: 2025-12-22 07:48:09
업데이트 시간: 2025-12-22 08:47:09

MITRE ATT&CK

Tactic: Execution
Technique: PowerShell

Command Line

powershell  -c "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"

Raw JSON Data

{"id":"ind:024efd237c2d4f87958607652cb04c8b:26741666350-10163-3366160","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:024efd237c2d4f87958607652cb04c8b:26741666350-10163-3366160","agent_id":"024efd237c2d4f87958607652cb04c8b","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A PowerShell script attempted to bypass Microsoft\u0027s AntiMalware Scan Interface (AMSI). PowerShell exploit kits often attempt to bypass AMSI to evade detection. Review the script.","severity":70,"severity_name":"High","confidence":80,"tactic":"Execution","tactic_id":"TA0002","technique":"PowerShell","technique_id":"T1059.001","cmdline":"powershell  -c \u0022[Ref].Assembly.GetType(\u0027System.Management.Automation.AmsiUtils\u0027).GetField(\u0027amsiInitFailed\u0027,\u0027NonPublic,Static\u0027).SetValue($null,$true)\u0022","filename":"powershell.exe","filepath":"\\Device\\HarddiskVolume3\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","sha256":"0ff6f2c94bc7e2833a5f7e16de1622e5dba70396f31c7d5f56381870317e8c46","status":"new","type":"ldt","created_timestamp":"2025-12-21T22:48:09.891452105Z","updated_timestamp":"2025-12-21T23:47:09.901400864Z","device":{"device_id":"024efd237c2d4f87958607652cb04c8b","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"BOOK-R0BE6S1NC3","local_ip":"172.27.1.19","external_ip":"119.206.248.238","mac_address":"00-72-ee-3e-51-84","platform_name":"Windows","os_version":"Windows 11"},"aggregate_id":"aggind:024efd237c2d4f87958607652cb04c8b:17559700145","CreatedAt":"2025-12-22T07:48:09.8914521+09:00","UpdatedAt":"2025-12-22T08:47:09.9014009+09:00"}

Quick Info

Severity High
Score 70
Agent ID 024efd237c2d4f87958607652cb04c8b

Actions

Falcon Console에서 보기 목록으로 돌아가기