Suspicious Sc Query Execution

Rule Info

Name
Suspicious Sc Query Execution
Author
Nasreddine Bencherchali
Description
Detects suspicious execution of "sc.exe" to query information about all registered services on a system or specific important services
Date
2022-11-10 00:00:00
Modified
2023-02-07 00:00:00
Id
168c46d7-5038-4a6a-86c6-08bfb1012854
Tags
attack.discovery attack.t1007
Type
Nextron Sigma feed only (private)

Rule History