
Rule Info
Name
Sysinternals Tools AppX Versions Execution
Description
Detects execution of Sysinternals tools via an AppX package. Attackers could install the Sysinternals Suite to get access to tools such as psexec and procdump to avoid detection based on System paths
Reference
Internal Research
Modified
None
Date
2023-01-16 00:00:00
Author
Nasreddine Bencherchali (Nextron Systems)
Tags
attack.defense_evasion DEMO attack.execution
Id
d29a20b2-be4b-4827-81f2-3d8a59eab5fc
Type
Community Rule
Link to Public Repo