
2 AM CPU Spike on Production Server, EDR Shows No Issues: How to Investigate?
Tags: Cybersecurity, CPU Spike, EDR, PowerShell, Memory Dump, Debugger, Logs, Investigation
The author of the post, who is effectively a one-person security team at their company, noticed CPU usage on a payment-service virtual machine jump to 200% at 2 AM. There were no SIEM alerts, no unusual disk writes, and nothing suspicious in the firewall logs, and CrowdStrike Falcon had raised no detection; still, looking at the host through the Falcon console, they found an unusual PowerShell process. The author suspects a fileless, memory-resident attack and asks what to do next: take a memory dump of the process, attach a thread debugger, or pull specific logs, and if so which ones.
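The three options the poster is weighing (dump, debugger, logs) are not exclusive, and the order matters: collect volatile evidence while the process is still alive, then read the logs that explain how it got there. The script below is an added triage example, not code from the original post or from CrowdStrike. It assumes a Windows host, an elevated PowerShell 5.1 session, and Script Block Logging (Event ID 4104) turned on; `$ProcessId`, the time window and `C:\IR\triage` are placeholders to fill in from what the Falcon console shows.

```powershell
<#
  Added triage example for a suspicious PowerShell process on a Windows host.
  Not from the original post. Assumes: elevated PowerShell 5.1+, Script Block
  Logging enabled, and (optionally) 4688 command-line auditing.
  $ProcessId / $Start / $End / $OutDir are placeholders for the real incident.
#>
param(
    [int]$ProcessId,                               # PID seen in the Falcon console
    [datetime]$Start = (Get-Date).AddHours(-6),    # incident window, e.g. 01:30-02:30
    [datetime]$End   = (Get-Date),
    [string]$OutDir  = 'C:\IR\triage'              # hypothetical evidence folder
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Lineage and command line of every PowerShell host on the box. A payment
#    service spawning powershell.exe from w3wp.exe, java.exe or a scheduled task
#    is the first thing that needs an explanation.
$psProcs = Get-CimInstance Win32_Process -Filter "Name LIKE 'powershell%' OR Name = 'pwsh.exe'"
$lineage = foreach ($p in $psProcs) {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    [pscustomobject]@{
        PID         = $p.ProcessId
        Parent      = '{0} ({1})' -f $(if ($parent) { $parent.Name } else { '<exited>' }), $p.ParentProcessId
        User        = '{0}\{1}' -f $owner.Domain, $owner.User
        Started     = $p.CreationDate
        CpuSeconds  = [math]::Round(($p.KernelModeTime + $p.UserModeTime) / 1e7, 1)  # 100 ns units
        CommandLine = $p.CommandLine
    }
}
$lineage | Format-List | Out-File (Join-Path $OutDir 'powershell-lineage.txt')

if ($ProcessId) {
    $proc = Get-Process -Id $ProcessId

    # 2. Hottest threads first: the thread eating the CPU is the one to inspect
    #    in a debugger, and its start time tells you when the loop began.
    $proc.Threads | Sort-Object TotalProcessorTime -Descending |
        Select-Object -Property Id, ThreadState, StartTime, TotalProcessorTime -First 5 |
        Out-File (Join-Path $OutDir "pid$ProcessId-threads.txt")

    #    Loaded modules without a valid Authenticode signature. Fileless tooling
    #    still has to map something; an unsigned DLL or an assembly in an odd
    #    path is a quick lead.
    $proc.Modules | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FileName
        [pscustomobject]@{ Module = $_.FileName; Signature = $sig.Status; Signer = $sig.SignerCertificate.Subject }
    } | Where-Object Signature -ne 'Valid' |
        Out-File (Join-Path $OutDir "pid$ProcessId-unsigned-modules.txt")

    # 3. Full memory dump before anyone kills the process: decoded script text
    #    and downloaded payloads live only in memory and survive in the .dmp for
    #    strings/WinDbg. comsvcs.dll MiniDump needs no extra tooling. Expect the
    #    EDR to flag this: it is the same technique attackers use on LSASS.
    $dump = Join-Path $OutDir "pid$ProcessId.dmp"
    & rundll32.exe "$env:SystemRoot\System32\comsvcs.dll,MiniDump" $ProcessId $dump full
}

# 4. What the engine actually executed. 4104 carries the script block after
#    de-obfuscation; 4688 (with command-line auditing) ties PIDs to parents
#    even after the processes are gone.
function Get-EventDataMap {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $x = [xml]$Event.ToXml()
    $d = @{ TimeCreated = $Event.TimeCreated }
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    $d
}
# Constructed indicator list for this example; extend with what your environment sees.
$iocs = 'FromBase64String|-enc|-e |IEX|Invoke-Expression|DownloadString|Net\.WebClient|' +
        'VirtualAlloc|Reflection\.Assembly|Add-Type|AmsiUtils|amsiInitFailed|Marshal::Copy'

$blocks = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $Start; EndTime = $End
} -ErrorAction SilentlyContinue
$hits = foreach ($e in $blocks) {
    $d = Get-EventDataMap $e
    if ($d.ScriptBlockText -match $iocs) {
        [pscustomobject]@{
            Time    = $d.TimeCreated
            Path    = $d.Path            # empty for code typed or injected, not run from a .ps1
            Snippet = $d.ScriptBlockText.Substring(0, [math]::Min(300, $d.ScriptBlockText.Length))
        }
    }
}
$hits | Format-List | Out-File (Join-Path $OutDir 'scriptblock-hits.txt')

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $Start; EndTime = $End } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-EventDataMap $_ } |
    Where-Object { $_.NewProcessName -match 'powershell|pwsh' } |
    ForEach-Object {
        [pscustomobject]@{
            Time = $_.TimeCreated; Parent = $_.ParentProcessName; New = $_.NewProcessName
            User = $_.SubjectUserName; CommandLine = $_.CommandLine
        }
    } | Out-File (Join-Path $OutDir 'process-creation.txt')
```

Two practical notes. First, isolate the host with the EDR's network containment rather than shutting it down: a reboot destroys exactly the memory-resident evidence the poster suspects exists. Second, the "200%" figure on a multi-core VM usually means two cores pegged, which is consistent with a single process running two busy threads; the thread listing in step 2 is what confirms or refutes that before anyone opens a debugger.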