Rule Info
Name
Process Deletion of Its Own Executable
Author
Max Altgelt (Nextron Systems)
Description
Detects the deletion of a process's executable by itself. This is usually not possible without workarounds and may be used by malware to hide its traces.
Date
2024-09-03 00:00:00
Modified
None
Id
f01d1f70-cd41-42ec-9c0b-26dd9c22bf29
Tags
attack.defense-evasion DEMO
Type
Community Rule
Link to Public Repo
Rule History
Author
Title
Date
Commit
secDre4mer
Merge PR #4995 from @secDre4mer - Add `Process Deletion of Its Own Executable`
2024-09-03