DriverQuery.EXE Execution

Rule Info

Name
DriverQuery.EXE Execution
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detect usage of the "driverquery" utility. Which can be used to perform reconnaissance on installed drivers
Reference
https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/
Date
2023-01-19 00:00:00
Modified
2023-09-29 00:00:00
Id
a20def93-0709-4eae-9bd2-31206e21e6b2
Tags
attack.discovery
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=a20def93-0709-4eae-9bd2-31206e21e6b2

Rule History

Author
Title
Date
Commit
Swachchhanda Shrawan Poudel
Merge PR #5775 from @swachchhanda000 - Restructure regression testing data directory
2025-11-26
c141859b8
Nasreddine Bencherchali
Merge PR #5719 from @nasbench - Add regression test CI, data and simulation links
2025-11-25
2cb7375c6
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4942 from @nasbench - promote older rules status from experimental to test
2024-08-01
6b7814466
Nasreddine Bencherchali
Merge PR #4482 From @nasbench - Add New Automation Workflows
2023-10-18
95793d73b
Nasreddine Bencherchali
Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements
2023-10-04
e230acd7e
Nasreddine Bencherchali
feat: more fixes and updates
2023-02-05
68f0833cb
Nasreddine Bencherchali
chore: add nextron authors tag
2023-02-01
7c38a5c49
Nasreddine Bencherchali
fix: driverquery condition and selection
2023-01-19
a7c7816b9
Nasreddine Bencherchali
feat: new rules for driverquery
2023-01-19
fa1ede8c6
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022