LetsDefend SOC335 – CVE-2024-49138 Privilege Escalation Exploitation Analysis
Alert Name: SOC335 – CVE-2024-49138 Exploitation Detected
Severity: High
Event ID: 313
Event Time: Jan 22, 2025, 02:37 AM
Category: Privilege Escalation
Base Information Field Value Event ID 313 Event Time Jan 22, 2025, 02:37 AM Rule SOC335 – CVE-2024-49138 Exploitation Detected Analyst Level Security Analyst Hostname Victor IP Address 172.16.17.207 Process Name svohost.exe Process Path C:\temp\service_installer\svohost.exe Process ID 7640 Parent Process C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Command Line ??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 File Hash (SHA-256) b432dcf4a0f0b601b1d79848467137a5e25cab5a0b7b1224be9d3b6540122db9 Process User EC2AMAZ-ILGVOIN\LetsDefend Trigger Reason Suspicious behavior patterns linked to CVE-2024-49138 Device Action Allowed Incident Details Field Value Incident Name EventID 313 – SOC335 CVE-2024-49138 Exploitation Incident Type Privilege Escalation Created Date Jan 08, 2026, 09:12 AM Pre-Investigation Notes Date: Jan 22, 2025, 02:37 AM Hostname: Victor IP Address: 172.