Back to list

Critical CINC-20251221-2971AA6B new

Aggregate ID: aggind:47186ef241ea495885522e5d4930eda3:9093199435

Incident Overview

Incident ID CINC-20251221-2971AA6B
Severity Critical (90)
Status new
Alert Count 2
Host Count 1

Timeline

First Seen 2025-12-22 02:21:40
Last Seen 2025-12-22 02:21:40
Duration 0d 0h 0m
Created 2025-12-22 08:36
Updated 2026-01-13 15:14

Kill Chain Analysis

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...
Observed Tactics:
Defense Evasion Credential Access
Techniques:
Rundll32 OS Credential Dumping

Affected Hosts (1)

TEAHEE

Related Alerts (2)

Severity Status Hostname Description Tactic Command Line Time
High new TEAHEE Rundll32 launched with unusual arguments. This occasionally results from applications misusing rundll32, but it might be malware preparing to hollow out the process or abusing it to launch a malicious payload. Review the command line and the process tree. Defense Evasion rundll32 comsvcs.dll MiniDump 123 C:\Users\dokji\AppData\Local\Temp\dump.dmp full 12-22 02:21
Critical new TEAHEE A process appears to be accessing credentials and might be dumping passwords. If this is unexpected, review the process tree. Credential Access rundll32 comsvcs.dll MiniDump 123 C:\Users\dokji\AppData\Local\Temp\dump.dmp full 12-22 02:21