
Incident Overview

Incident ID CINC-20251221-BA9B370E
Severity Medium (70)
Status new
Alert Count 2
Host Count 1

Timeline

First Seen 2025-12-22 07:20:12
Last Seen 2025-12-22 07:20:12
Duration 0d 0h 0m
Created 2025-12-22 08:36
Updated 2026-01-13 15:14

Kill Chain Analysis

Rec... Ini... Exe... Per... Pri... Def... Cre... Dis... Lat... Col... Com... Exf... Imp...
Observed Tactics:
Credential Access
Techniques:
OS Credential Dumping

Affected Hosts (1)

TEAHEE

Related Alerts (2)

| Severity | Status | Hostname | Description | Tactic | Command Line | Time |
|---|---|---|---|---|---|---|
| High | new | TEAHEE | An unusual process accessed lsass. This might indicate an attempt to dump credentials. Investigate the process tree. | Credential Access | `C:\WINDOWS\system32\cmd.exe /c "procdump -ma lsass.exe C:\Users\dokji\AppData\Local\Temp\lsass.dmp"` | 12-22 07:20 |
| High | new | TEAHEE | An unusual process accessed lsass. This might indicate an attempt to dump credentials. Investigate the process tree. | Credential Access | `C:\WINDOWS\system32\cmd.exe /c "procdump -ma lsass.exe C:\Users\dokji\AppData\Local\Temp\lsass.dmp"` | 12-22 07:20 |