Stopping multiple processes using taskkill


This query checks for attempts to stop at least 10 separate processes using the taskkill.exe utility.

| Attribute | Value |
| --- | --- |
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | f8e4bee5-bc59-45f9-86e5-3b0a1bd1b572 |
| Tactics | Ransomware |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/Ransomware/Stopping%20multiple%20processes%20using%20taskkill.yaml) |
