Incident Overview

Incident ID CINC-20251221-5A4B6335
Severity Medium (70)
Status new
Alert Count 1
Host Count 1

Timeline

First Seen 2025-12-22 01:53:22
Last Seen 2025-12-22 01:53:22
Duration 0d 0h 0m
Created 2025-12-22 08:36
Updated 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics:
Defense Evasion
Techniques:
Rundll32

Affected Hosts (1)

BOOK-R0BE6S1NC3

Related Alerts (1)

Severity High
Status new
Hostname BOOK-R0BE6S1NC3
Description Rundll32 launched a suspended process. This might be malware hijacking system processes and launching suspended processes as hollowing targets. Investigate the process tree and the source of the injection.
Tactic Defense Evasion
Command Line "rundll32.exe" pcwutl.dll,LaunchApplication calc.exe
Time 12-22 01:53