Suspicious Driver Service Installation - Security

Swachchhanda Shrawan Poudel (Nextron Systems)

Detects installations of driver services from unusual directories that may indicate malicious activity. Adversaries often deploy rogue or compromised drivers to evade security measures (like EDR/AV), obtain kernel-level access, or extract sensitive data like LSASS memory. This approach has become increasingly prevalent among ransomware operators and malicious actors.

2026-01-27 00:00:00

None

d0e0274c-7df8-46b1-a2b5-a804e43a2d17

attack.defense-evasion attack.t1562.001

Nextron Sigma feed only (private)