Back to list

Medium CINC-20251221-3144B681 new

Aggregate ID: aggind:561559e2fcea400ba3601b74d64aa30b:4392869077

Incident ID CINC-20251221-3144B681

Severity Medium (70)

Status new

Alert Count 1

Host Count 1

First Seen 2025-12-22 05:01:13

Last Seen 2025-12-22 05:01:13

Duration 0d 0h 0m

Created 2025-12-22 08:36

Updated 2026-01-13 15:14

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...

Observed Tactics:

Techniques:

Severity	Status	Hostname	Description	Tactic	Command Line	Time
High	new	DESKTOP-FNUMV3U	A process with an obfuscated command line appears to be using certutil to decode a malicious payload. Review the command line.	Defense Evasion	certutil -decode C:\Users\User\AppData\Local\Temp\encoded.txt C:\Users\User\AppData\Local\Temp\decoded.exe	12-22 05:01