DriverQuery.EXE Execution

Rule Info

Name
DriverQuery.EXE Execution
Description
Detect usage of the "driverquery" utility. Which can be used to perform reconnaissance on installed drivers
Reference
https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/
Modified
2023-02-04 00:00:00
Date
2023-01-19 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.discovery DEMO
Id
a20def93-0709-4eae-9bd2-31206e21e6b2
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=a20def93-0709-4eae-9bd2-31206e21e6b2

Rule History

Author
Commit
Title
Date
Nasreddine Bencherchali
68f0833cb
feat: more fixes and updates
2023-02-05
Nasreddine Bencherchali
7c38a5c49
chore: add nextron authors tag
2023-02-01
Nasreddine Bencherchali
a7c7816b9
fix: driverquery condition and selection
2023-01-19
Nasreddine Bencherchali
fa1ede8c6
feat: new rules for driverquery
2023-01-19
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022