Alert Details - DeFender X

Alert Information Medium

Alert ID: ind:561559e2fcea400ba3601b74d64aa30b:150426853176-10116-21026576
Composite ID: 84393bf974fd44bda943a25a6a7bc27f:ind:561559e2fcea400ba3601b74d64aa30b:150426853176-10116-21026576
설명: A suspicious process related to a likely malicious file was launched. Review any binaries involved as they might be related to malware.
호스트: DESKTOP-FNUMV3U
상태: new
생성 시간: 2025-12-22 07:37:38
업데이트 시간: 2025-12-22 08:36:38

MITRE ATT&CK

Tactic: Post-Exploit
Technique: Malicious Tool Execution

Command Line

netsh  add helper C:\evil.dll

Raw JSON Data

{"id":"ind:561559e2fcea400ba3601b74d64aa30b:150426853176-10116-21026576","composite_id":"84393bf974fd44bda943a25a6a7bc27f:ind:561559e2fcea400ba3601b74d64aa30b:150426853176-10116-21026576","agent_id":"561559e2fcea400ba3601b74d64aa30b","cid":"84393bf974fd44bda943a25a6a7bc27f","description":"A suspicious process related to a likely malicious file was launched. Review any binaries involved as they might be related to malware.","severity":50,"severity_name":"Medium","confidence":80,"tactic":"Post-Exploit","tactic_id":"CSTA0003","technique":"Malicious Tool Execution","technique_id":"CST0010","cmdline":"netsh  add helper C:\\evil.dll","filename":"netsh.exe","filepath":"\\Device\\HarddiskVolume1\\Windows\\System32\\netsh.exe","sha256":"6b691b06fa865f52c9484ef4f10e2e02ed6d7c3a3f474b8b138a33af7258b2a9","status":"new","type":"ldt","created_timestamp":"2025-12-21T22:37:38.993777746Z","updated_timestamp":"2025-12-21T23:36:38.997130743Z","device":{"device_id":"561559e2fcea400ba3601b74d64aa30b","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"DESKTOP-FNUMV3U","local_ip":"172.26.224.1","external_ip":"14.47.49.244","mac_address":"00-15-5d-52-e9-ba","platform_name":"Windows","os_version":"Windows 10"},"aggregate_id":"aggind:561559e2fcea400ba3601b74d64aa30b:4502255413","CreatedAt":"2025-12-22T07:37:38.9937777+09:00","UpdatedAt":"2025-12-22T08:36:38.9971307+09:00"}

Quick Info

Severity Medium
Score 50
Agent ID 561559e2fcea400ba3601b74d64aa30b

Actions

Falcon Console에서 보기 목록으로 돌아가기