Suspicious Execution of SystemSettings

Rule Info

Name
Suspicious Execution of SystemSettings
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects the execution of SystemSettings.exe from non-standard paths or with metadata that differs from the original. This may indicate a malicious attempt to masquerade as a legitimate application. Adversaries often disguise their malware as legitimate executables to evade detection, blend in with normal system activity, and exploit trust in known system files.
Date
2025-02-21 00:00:00
Modified
None
Id
feef4082-e9cc-46a0-8e87-c7c8603a2325
Tags
attack.defense-evasion attack.t1036.005
Type
Nextron Sigma feed only (private)

Rule History