Back to list

Critical CINC-20251221-963F8AB2 new

Aggregate ID: aggind:024efd237c2d4f87958607652cb04c8b:17401925971

Incident Overview

Incident ID CINC-20251221-963F8AB2
Severity Critical (90)
Status new
Alert Count 1
Host Count 1

Timeline

First Seen 2025-12-22 03:11:09
Last Seen 2025-12-22 03:11:09
Duration 0d 0h 0m
Created 2025-12-22 08:36
Updated 2026-01-13 15:14

Kill Chain Analysis

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...
Observed Tactics:
Credential Access
Techniques:
OS Credential Dumping

Affected Hosts (1)

BOOK-R0BE6S1NC3

Related Alerts (1)

Severity Status Hostname Description Tactic Command Line Time
Critical new BOOK-R0BE6S1NC3 A process saved the Security Account Manager SAM or SYSTEM hive to disk. If this is unexpected, it likely indicates credential theft. Investigate the process tree. Credential Access reg save HKLM\SYSTEM "C:\Users\ubuntu\AppData\Local\Temp\system_test" /y 12-22 03:11