HH.EXE Initiated A Network Connection To An Uncommon Destination Port

Rule Info

Name
HH.EXE Initiated A Network Connection To An Uncommon Destination Port
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects a network connection initiated by the "hh.exe" process to an uncommon destination port. This could indicate potential process injection or uncommon communication method.
Reference
Internal Research
Date
2024-03-12 00:00:00
Modified
None
Id
0d26fb73-6f19-4701-a464-1595fb4fca87
Tags
attack.defense_evasion attack.t1218.001
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022