HIGH | 'Network Connection - 1971152322' along with 4 other issues

Status: RESOLVED SECURITY TESTING | ID: #20 | Created: 2026-01-01 06:48:15
5 Alerts | 1 Hosts | 10 Files | 0 Network
Incident Overview

'Network Connection - 1971152322' along with 4 other issues generated by XDR Agent and XDR BIOC detected on host book-r0be6s1nc3 involving 2 users

Alerts: 5
Last updated: 2026-01-01 07:15
Assignee: Unassigned
Detection sources: XDR Agent, XDR BIOC
Alert categories: Malware, Credential Access
Affected Hosts & Users
User: ubuntu | Host: book-r0be6s1nc3\ubuntu
File Artifacts (10)

| File Name | Path | SHA256 | Signature | Verdict |
|---|---|---|---|---|
| UltimateXdrGenerator.exe | - | dc6ef9db16f6c3af583ab0e1f123ff0d29f5c2c6cc9bb7635cd52a03583efcd8 | SIGNATURE_UNSIGNED | UNKNOWN |
| cmd.exe | - | 64afc6db3aad1289533662e2d79e27dd55c7dcdb8cd918b08e145ad82ad5acb4 | SIGNATURE_SIGNED | UNKNOWN |
| python.exe | - | 7d96a4ed35d6e596cd9dd8933feafc66349cc21f75be3b15c89fd336e50140c1 | SIGNATURE_SIGNED | UNKNOWN |
| python.exe | - | d70fced7f461f38f9f224d8673fb74e96e4facb4283ff4e8697543b457fea8a0 | SIGNATURE_SIGNED | UNKNOWN |
| conhost.exe | - | 6651a3beb0df1e66363a950c37dc9305f185d161fb03761e172ccfa0a4ab4f89 | SIGNATURE_SIGNED | UNKNOWN |
| chcp.com | - | 8d75e783f327f899a42927fc2927f0e3d1ec62c4ca1dc88de04dd67de9ae555d | SIGNATURE_SIGNED | UNKNOWN |
| forfiles.exe | - | 715b741d06464a7c5f3b67fec479806bf83543498e04e73b5a2e364bc07968b9 | SIGNATURE_SIGNED | UNKNOWN |
| msiexec.exe | - | 677417ba3ad87f73cd95ad30423998c6089e7eef381b309a562cda1eb6fe178e | SIGNATURE_SIGNED | UNKNOWN |
| wevtutil.exe | - | 3c4c4fe2fc5590a6af5e5f73b7277da8785695e6a131d255943a88e43cdd2a6a | SIGNATURE_SIGNED | UNKNOWN |
| calc.exe | - | 81bd48985fa1753e9e2158a7cf969141edddbd050e976801bb477e24a2a06b2a | SIGNATURE_SIGNED | UNKNOWN |
Network Artifacts (0)
No network artifacts found for this incident.
Process Artifacts (5)

| Process | Command Line | Parent Process | User |
|---|---|---|---|
| python.exe | "C:\app\cortex-xdr-siem-test\.venv\Scripts\python.exe" mega_incident_generator.... | cmd.exe | BOOK-R0BE6S1NC3\ubuntu |
| python.exe | "C:\app\cortex-xdr-siem-test\.venv\Scripts\python.exe" mega_incident_generator.... | cmd.exe | BOOK-R0BE6S1NC3\ubuntu |
| UltimateXdrGenerator.exe | "C:\app\cortex-xdr-siem-test\xdr_tools\UltimateXdrGenerator\bin\publish\Ultimate... | cmd.exe | BOOK-R0BE6S1NC3\ubuntu |
| cmd.exe | C:\windows\SYSTEM32\cmd.exe /c ""C:\app\cortex-xdr-siem-test\xdr_incident_runner... | cmd.exe | ubuntu |
| cmd.exe | C:\windows\SYSTEM32\cmd.exe /c ""C:\app\cortex-xdr-siem-test\xdr_incident_runner... | cmd.exe | ubuntu |
Registry Artifacts (0)
No registry artifacts found for this incident.
Analyst Verdict: HIGH
  • Isolate affected endpoints
  • Investigate all related alerts
  • Document findings
Summary
Alert Categories: Malware, Credential Access
Timeline
01-01 07:15:33  Incident Modified: Status or details updated
01-01 07:15:33  Incident Resolved: resolved security testing
01-01 07:14:06  Possible LSASS memory dump: high - Detected
01-01 07:14:06  Suspicious Process Creation: medium - Prevented (Blocked)
01-01 07:06:01  WildFire Malware: medium - Prevented (Blocked)
01-01 07:01:06  Evasion Technique - 527483761: high - Prevented (Blocked)
01-01 06:48:15  Incident Created: #20 - 'Network Connection - 1971152322' along with 4 other issues
01-01 06:48:15  UltimateXdrGenerator.exe: Verdict: Unknown
01-01 06:48:15  cmd.exe: Verdict: Unknown
01-01 06:48:15  python.exe: Verdict: Unknown
01-01 06:48:15  python.exe: Verdict: Unknown
01-01 06:48:15  conhost.exe: Verdict: Unknown
01-01 06:48:15  chcp.com: Verdict: Unknown
01-01 06:48:15  forfiles.exe: Verdict: Unknown
01-01 06:48:15  msiexec.exe: Verdict: Unknown
01-01 06:48:15  wevtutil.exe: Verdict: Unknown
01-01 06:48:15  calc.exe: Verdict: Unknown
01-01 06:48:06  Network Connection - 1971152322: high - Prevented (Blocked)