Suspicious Sc Query Execution

Rule Info

Id
168c46d7-5038-4a6a-86c6-08bfb1012854
Author
Nasreddine Bencherchali
Name
Suspicious Sc Query Execution
Tags
attack.discovery attack.t1007
Date
2022-11-10 00:00:00
Modified
None
Description
Detects suspicious execution of "sc.exe" to query information about all registered services on a system or specific important services
Type
Nextron Sigma feed only (private)

Rule History