Suspicious Powercfg Execution To Change Lock Screen Timeout

Rule Info

Id
f8d6a15e-4bc8-4c27-8e5d-2b10f0b73e5b
Author
frack113
Name
Suspicious Powercfg Execution To Change Lock Screen Timeout
Tags
attack.defense_evasion DEMO
Date
2022-11-18 00:00:00
Modified
None
Description
Detects suspicious execution of 'Powercfg.exe' to change lock screen timeout
Type
Community Rule

Rule History

Author
Date
Commit
Title
frack113
2022-11-18
Add proc_creation_win_susp_powercfg