Makecab.EXE Execution With An Uncommon Directive File Extension

Rule Info

Name
Makecab.EXE Execution With An Uncommon Directive File Extension
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects the execution of "makecab.exe" with a directive file that has an uncommon extension. The typical extension for a cab directive file is .DDF (Diamond Directive File). A directive file that does not use this extension might be a sign of something uncommon or even suspicious that is worth investigating.
Date
2024-03-12 00:00:00
Modified
None
Id
962fe105-395d-4627-9d7f-ff07b9be27e9
Tags
attack.execution attack.t1218
Type
Nextron Sigma feed only (private)

Rule History