Non-Executable Extension File Renamed With Executable Extension

Rule Info

Name
Non-Executable Extension File Renamed With Executable Extension
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects rename operations of files with a non-executable extension such as (.txt, .pdf, etc.) to files with an executable extension such as (.exe, .dll, etc.). This is often performed by malware in order to avoid initial detections based on extensions.
Reference
https://twitter.com/ffforward/status/1481672378639912960
Date
2023-11-11 00:00:00
Modified
None
Id
10b4fc9e-25e7-4ca9-b86f-cd1d8777c120
Tags
attack.defense-evasion attack.t1036.008
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022