Alert Information
Informational
- Alert ID
ind:024efd237c2d4f87958607652cb04c8b:27100890786-10417-3833104- Composite ID
84393bf974fd44bda943a25a6a7bc27f:ind:024efd237c2d4f87958607652cb04c8b:27100890786-10417-3833104- 설명
- A suspicious process was identified by CrowdStrike. Review the process tree.
- 호스트
- BOOK-R0BE6S1NC3
- 상태
- new
- 생성 시간
- 2025-12-22 08:07:45
- 업데이트 시간
- 2025-12-22 09:06:45
MITRE ATT&CK
- Tactic
- Execution
- Technique
- User Execution
Command Line
\??\C:\windows\system32\conhost.exe 0xffffffff -ForceV1
Raw JSON Data
{"id":"ind:024efd237c2d4f87958607652cb04c8b:27100890786-10417-3833104","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:024efd237c2d4f87958607652cb04c8b:27100890786-10417-3833104","agent_id":"024efd237c2d4f87958607652cb04c8b","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A suspicious process was identified by CrowdStrike. Review the process tree.","severity":10,"severity_name":"Informational","confidence":80,"tactic":"Execution","tactic_id":"TA0002","technique":"User Execution","technique_id":"T1204","cmdline":"\\??\\C:\\windows\\system32\\conhost.exe 0xffffffff -ForceV1","filename":"conhost.exe","filepath":"\\Device\\HarddiskVolume3\\Windows\\System32\\conhost.exe","sha256":"6651a3beb0df1e66363a950c37dc9305f185d161fb03761e172ccfa0a4ab4f89","status":"new","type":"ldt","created_timestamp":"2025-12-21T23:07:45.532962762Z","updated_timestamp":"2025-12-22T00:06:45.54020046Z","device":{"device_id":"024efd237c2d4f87958607652cb04c8b","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"BOOK-R0BE6S1NC3","local_ip":"172.27.1.19","external_ip":"119.206.248.238","mac_address":"00-72-ee-3e-51-84","platform_name":"Windows","os_version":"Windows 11"},"aggregate_id":"aggind:024efd237c2d4f87958607652cb04c8b:17577316374","CreatedAt":"2025-12-22T08:07:45.5329628+09:00","UpdatedAt":"2025-12-22T09:06:45.5402005+09:00"}
Quick Info
- Severity Informational
- Score 10
-
Agent ID
024efd237c2d4f87958607652cb04c8b
Actions