Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Identifies when rundll32 or cmd.exe is utilized to launch a malicious DLL or executable from explorer.exe. Indicative of a cmd window or LNK file executing a program or malware due to a user clicking on a file.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Cyborg Security HUNTER |
| ID | 3bc6e8ef-9e08-4626-89e9-fda87866cc82 |
| Tactics | Execution |
| Techniques | T1204.002 |
| Required Connectors | SecurityEvent |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
SecurityEvent |
✓ | ✓ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊