
Rule Info
Name
Sysinternals Tools AppX Versions Execution
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of Sysinternals tools via an AppX package. Attackers could install the Sysinternals Suite to get access to tools such as psexec and procdump to avoid detection based on System paths
Reference
Internal Research
Date
2023-01-16 00:00:00
Modified
2023-09-12 00:00:00
Id
d29a20b2-be4b-4827-81f2-3d8a59eab5fc
Tags
attack.defense_evasion attack.execution DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4427 from @nasbench - Multiple Fixes & Enhancements
2023-10-04