Incident Overview

Incident ID CINC-20251221-EA18C193
Severity Medium (70)
Status new
Alert Count 1
Host Count 1

Timeline

First Seen 2025-12-22 05:36:14
Last Seen 2025-12-22 05:36:14
Duration 0d 0h 0m
Created 2025-12-22 08:36
Updated 2026-01-13 15:14

Kill Chain Analysis

Observed Tactics:
Defense Evasion
Techniques:
Rundll32

Affected Hosts (1)

TEAHEE

Related Alerts (1)

Severity High
Status new
Hostname TEAHEE
Description Rundll32 launched with unusual arguments. This occasionally results from applications misusing rundll32, but it might be malware preparing to hollow out the process or abusing it to launch a malicious payload. Review the command line and the process tree.
Tactic Defense Evasion
Command Line C:\WINDOWS\system32\cmd.exe /c "rundll32 comsvcs.dll MiniDump 123 C:\Users\dokji\AppData\Local\Temp\lsass.dmp full"
Time 12-22 05:36