Rule Info
Name
Execution of Takeown.exe for File Ownership
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects the execution of takeown.exe, which is used to get ownership of files or directories.
Adversaries may use takeown.exe to take ownership of files or directories to take ownership of files or directories for encryption, deletion, or other malicious purposes.
Date
2025-03-14 00:00:00
Modified
None
Id
40c40adc-217a-4b34-b51e-4014b63dfa7a
Tags
attack.defense-evasion attack.t1222.001
Type
Nextron Sigma feed only (private)
Rule History
Scan your endpoints, forensic images or collected files with our portable scanner THOR