Back to list

Critical CINC-20251221-7AF43119 new

Aggregate ID: aggind:47186ef241ea495885522e5d4930eda3:9184377313

Incident Overview

Incident ID CINC-20251221-7AF43119
Severity Critical (90)
Status new
Alert Count 2
Host Count 1

Timeline

First Seen 2025-12-22 05:36:14
Last Seen 2025-12-22 05:36:14
Duration 0d 0h 0m
Created 2025-12-22 08:36
Updated 2026-01-13 15:14

Kill Chain Analysis

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...
Observed Tactics:
Credential Access Defense Evasion
Techniques:
OS Credential Dumping Rundll32

Affected Hosts (1)

TEAHEE

Related Alerts (2)

Severity Status Hostname Description Tactic Command Line Time
Critical new TEAHEE A process appears to be accessing credentials and might be dumping passwords. If this is unexpected, review the process tree. Credential Access rundll32 comsvcs.dll MiniDump 123 C:\Users\dokji\AppData\Local\Temp\lsass.dmp full 12-22 05:36
High new TEAHEE Rundll32 launched with unusual arguments. This occasionally results from applications misusing rundll32, but it might be malware preparing to hollow out the process or abusing it to launch a malicious payload. Review the command line and the process tree. Defense Evasion rundll32 comsvcs.dll MiniDump 123 C:\Users\dokji\AppData\Local\Temp\lsass.dmp full 12-22 05:36