Author: Craig Chamberlain
Word count: 1094

Summary

Machine learning (ML) is changing how emerging threats are detected by sharply reducing dwell time, the period between a threat's introduction into an environment and its detection. The post walks through an example in which unsupervised ML jobs in the Elastic stack surface anomalies and raise alerts far faster than traditional methods, cutting dwell time from 46 days to potentially just 16 minutes. The case study centres on a malware sample delivered as a Windows Installer package (.msi) that initially went undetected by many endpoint detection and response (EDR) products and antivirus engines. The ML jobs flag unusual activity, such as anomalous network behaviour and unusual DLL loading events, and these anomalies can be turned into alerts that identify the threat. Attribution of the malware to a specific campaign remains uncertain, though it is suspected to target Ukrainian users and organisations; the example illustrates the role ML can play in identifying and responding to sophisticated threats quickly.