|
C:\Users\user\Desktop\sos.exe
|
"C:\Users\user\Desktop\sos.exe"
|
 |
|
| Is windows: |
false
|
| Is dropped: |
false
|
| PID: |
6496
|
| Target ID: |
0
|
| Parent PID: |
4004
|
| Name: |
sos.exe
|
| Path: |
C:\Users\user\Desktop\sos.exe
|
| Commandline: |
"C:\Users\user\Desktop\sos.exe"
|
| Size: |
2015232
|
| MD5: |
184303252D69A1CA88ECE7779AF9C82F
|
| Time: |
16:39:55
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
low
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0xea0000
|
| Modulesize: |
2400256
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Antivirus / Scanner detection for submitted sample |
AV Detection |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| PE file contains sections with non-standard names |
Data Obfuscation |
|
| PE file has an executable .text section and no other executable section |
System Summary |
|
| Sample might require command line arguments |
System Summary |
Command and Scripting Interpreter
|
| Spawns processes |
System Summary |
|
| Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
| Submission file is bigger than most known malware samples |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5484
|
| Target ID: |
3
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5040
|
| Target ID: |
4
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6736
|
| Target ID: |
5
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5228
|
| Target ID: |
6
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7096
|
| Target ID: |
7
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4932
|
| Target ID: |
8
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3636
|
| Target ID: |
9
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3212
|
| Target ID: |
10
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4420
|
| Target ID: |
11
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1176
|
| Target ID: |
12
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5424
|
| Target ID: |
13
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6464
|
| Target ID: |
14
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:39:59
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
high
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2128
|
| Target ID: |
15
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2328
|
| Target ID: |
16
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4828
|
| Target ID: |
17
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1492
|
| Target ID: |
18
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6368
|
| Target ID: |
19
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1616
|
| Target ID: |
20
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2864
|
| Target ID: |
21
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3380
|
| Target ID: |
22
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1804
|
| Target ID: |
23
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6992
|
| Target ID: |
24
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3300
|
| Target ID: |
25
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6848
|
| Target ID: |
26
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5388
|
| Target ID: |
27
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4600
|
| Target ID: |
28
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5960
|
| Target ID: |
29
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3260
|
| Target ID: |
30
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7148
|
| Target ID: |
31
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7140
|
| Target ID: |
32
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6908
|
| Target ID: |
33
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2988
|
| Target ID: |
34
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff66e660000
|
| Modulesize: |
892928
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2784
|
| Target ID: |
35
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1828
|
| Target ID: |
36
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2716
|
| Target ID: |
37
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2524
|
| Target ID: |
38
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3560
|
| Target ID: |
39
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3064
|
| Target ID: |
40
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4608
|
| Target ID: |
41
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:00
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6688
|
| Target ID: |
42
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5820
|
| Target ID: |
43
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5000
|
| Target ID: |
44
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5640
|
| Target ID: |
45
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4924
|
| Target ID: |
46
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6404
|
| Target ID: |
47
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5208
|
| Target ID: |
48
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2036
|
| Target ID: |
49
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
500
|
| Target ID: |
50
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1488
|
| Target ID: |
51
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2800
|
| Target ID: |
52
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6600
|
| Target ID: |
53
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3940
|
| Target ID: |
54
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3924
|
| Target ID: |
55
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5200
|
| Target ID: |
56
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2024
|
| Target ID: |
57
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1588
|
| Target ID: |
58
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3160
|
| Target ID: |
59
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3472
|
| Target ID: |
60
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff7403e0000
|
| Modulesize: |
65536
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5512
|
| Target ID: |
61
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4552
|
| Target ID: |
62
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1804
|
| Target ID: |
63
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6992
|
| Target ID: |
64
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:01
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x1c0000
|
| Modulesize: |
155648
|
| Wow64: |
true
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6912
|
| Target ID: |
65
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6864
|
| Target ID: |
66
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2820
|
| Target ID: |
67
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4892
|
| Target ID: |
68
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2404
|
| Target ID: |
69
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6336
|
| Target ID: |
70
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7136
|
| Target ID: |
71
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2744
|
| Target ID: |
72
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3852
|
| Target ID: |
73
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5812
|
| Target ID: |
74
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2784
|
| Target ID: |
75
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1828
|
| Target ID: |
76
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6860
|
| Target ID: |
77
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
356
|
| Target ID: |
78
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2836
|
| Target ID: |
79
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6844
|
| Target ID: |
80
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3560
|
| Target ID: |
81
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3064
|
| Target ID: |
82
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4608
|
| Target ID: |
83
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5056
|
| Target ID: |
84
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5324
|
| Target ID: |
85
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6440
|
| Target ID: |
86
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5336
|
| Target ID: |
87
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:02
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7096
|
| Target ID: |
88
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4932
|
| Target ID: |
89
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5208
|
| Target ID: |
90
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3212
|
| Target ID: |
91
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4420
|
| Target ID: |
92
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1176
|
| Target ID: |
93
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6424
|
| Target ID: |
94
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6464
|
| Target ID: |
95
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2128
|
| Target ID: |
96
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4416
|
| Target ID: |
97
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1364
|
| Target ID: |
98
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1492
|
| Target ID: |
99
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6368
|
| Target ID: |
100
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1656
|
| Target ID: |
101
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3472
|
| Target ID: |
102
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5512
|
| Target ID: |
103
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2244
|
| Target ID: |
104
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6796
|
| Target ID: |
105
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3300
|
| Target ID: |
106
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
988
|
| Target ID: |
107
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5268
|
| Target ID: |
108
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6456
|
| Target ID: |
109
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5272
|
| Target ID: |
110
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2120
|
| Target ID: |
111
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:03
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3908
|
| Target ID: |
112
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5224
|
| Target ID: |
113
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6908
|
| Target ID: |
114
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4092
|
| Target ID: |
115
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1216
|
| Target ID: |
116
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3500
|
| Target ID: |
117
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2656
|
| Target ID: |
118
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5972
|
| Target ID: |
119
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2884
|
| Target ID: |
120
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
368
|
| Target ID: |
121
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6752
|
| Target ID: |
122
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3000
|
| Target ID: |
123
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4512
|
| Target ID: |
124
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6688
|
| Target ID: |
125
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6736
|
| Target ID: |
126
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5228
|
| Target ID: |
127
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5012
|
| Target ID: |
128
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2888
|
| Target ID: |
129
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7120
|
| Target ID: |
130
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3892
|
| Target ID: |
131
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1808
|
| Target ID: |
132
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4420
|
| Target ID: |
133
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3648
|
| Target ID: |
134
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6420
|
| Target ID: |
135
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2328
|
| Target ID: |
136
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:04
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4828
|
| Target ID: |
137
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1088
|
| Target ID: |
138
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5144
|
| Target ID: |
139
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1616
|
| Target ID: |
140
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2864
|
| Target ID: |
141
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5368
|
| Target ID: |
142
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4552
|
| Target ID: |
143
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4084
|
| Target ID: |
144
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6976
|
| Target ID: |
145
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5308
|
| Target ID: |
146
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5156
|
| Target ID: |
147
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2820
|
| Target ID: |
148
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4892
|
| Target ID: |
149
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2404
|
| Target ID: |
150
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6336
|
| Target ID: |
151
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7136
|
| Target ID: |
152
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2744
|
| Target ID: |
153
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4032
|
| Target ID: |
154
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5360
|
| Target ID: |
155
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2704
|
| Target ID: |
156
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1828
|
| Target ID: |
157
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6860
|
| Target ID: |
158
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
356
|
| Target ID: |
159
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:05
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2836
|
| Target ID: |
160
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6844
|
| Target ID: |
161
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3560
|
| Target ID: |
162
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5500
|
| Target ID: |
163
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3992
|
| Target ID: |
164
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4512
|
| Target ID: |
165
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6688
|
| Target ID: |
166
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6736
|
| Target ID: |
167
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5228
|
| Target ID: |
168
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5012
|
| Target ID: |
169
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2888
|
| Target ID: |
170
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7120
|
| Target ID: |
171
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3892
|
| Target ID: |
172
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1808
|
| Target ID: |
173
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4420
|
| Target ID: |
174
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3648
|
| Target ID: |
175
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6600
|
| Target ID: |
176
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6972
|
| Target ID: |
177
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1548
|
| Target ID: |
178
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1584
|
| Target ID: |
179
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2024
|
| Target ID: |
180
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
420
|
| Target ID: |
181
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3160
|
| Target ID: |
182
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4072
|
| Target ID: |
183
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4560
|
| Target ID: |
184
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1804
|
| Target ID: |
185
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:06
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7128
|
| Target ID: |
186
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3300
|
| Target ID: |
187
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5156
|
| Target ID: |
188
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2820
|
| Target ID: |
189
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4892
|
| Target ID: |
190
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2404
|
| Target ID: |
191
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6336
|
| Target ID: |
192
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7136
|
| Target ID: |
193
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2744
|
| Target ID: |
194
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4032
|
| Target ID: |
195
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5360
|
| Target ID: |
196
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1216
|
| Target ID: |
197
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6716
|
| Target ID: |
198
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5908
|
| Target ID: |
199
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1456
|
| Target ID: |
200
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3204
|
| Target ID: |
201
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2524
|
| Target ID: |
202
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4876
|
| Target ID: |
203
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
964
|
| Target ID: |
204
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4608
|
| Target ID: |
205
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4512
|
| Target ID: |
206
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6688
|
| Target ID: |
207
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6440
|
| Target ID: |
208
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5336
|
| Target ID: |
209
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7096
|
| Target ID: |
210
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4932
|
| Target ID: |
211
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6308
|
| Target ID: |
212
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
500
|
| Target ID: |
213
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:07
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1176
|
| Target ID: |
214
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2800
|
| Target ID: |
215
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3648
|
| Target ID: |
216
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6600
|
| Target ID: |
217
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6972
|
| Target ID: |
218
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1548
|
| Target ID: |
219
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1492
|
| Target ID: |
220
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5648
|
| Target ID: |
221
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6368
|
| Target ID: |
222
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1656
|
| Target ID: |
223
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3472
|
| Target ID: |
224
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5368
|
| Target ID: |
225
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4552
|
| Target ID: |
226
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4084
|
| Target ID: |
227
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6864
|
| Target ID: |
228
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5308
|
| Target ID: |
229
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3796
|
| Target ID: |
230
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6980
|
| Target ID: |
231
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5272
|
| Target ID: |
232
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3260
|
| Target ID: |
233
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6336
|
| Target ID: |
234
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7136
|
| Target ID: |
235
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2744
|
| Target ID: |
236
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:08
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4032
|
| Target ID: |
237
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5360
|
| Target ID: |
238
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1216
|
| Target ID: |
239
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6716
|
| Target ID: |
240
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5908
|
| Target ID: |
241
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1456
|
| Target ID: |
242
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3204
|
| Target ID: |
243
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3000
|
| Target ID: |
244
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1924
|
| Target ID: |
245
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
964
|
| Target ID: |
246
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4608
|
| Target ID: |
247
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4512
|
| Target ID: |
248
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6688
|
| Target ID: |
249
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6440
|
| Target ID: |
250
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5336
|
| Target ID: |
251
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7096
|
| Target ID: |
252
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4932
|
| Target ID: |
253
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6308
|
| Target ID: |
254
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
500
|
| Target ID: |
255
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1176
|
| Target ID: |
256
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2800
|
| Target ID: |
257
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3648
|
| Target ID: |
258
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6600
|
| Target ID: |
259
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6972
|
| Target ID: |
260
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1584
|
| Target ID: |
261
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1588
|
| Target ID: |
262
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2024
|
| Target ID: |
263
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:09
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2864
|
| Target ID: |
264
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5512
|
| Target ID: |
265
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2244
|
| Target ID: |
266
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6796
|
| Target ID: |
267
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6976
|
| Target ID: |
268
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6848
|
| Target ID: |
269
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5268
|
| Target ID: |
270
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4600
|
| Target ID: |
271
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6620
|
| Target ID: |
272
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2120
|
| Target ID: |
273
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3908
|
| Target ID: |
274
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5224
|
| Target ID: |
275
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6908
|
| Target ID: |
276
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4092
|
| Target ID: |
277
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5112
|
| Target ID: |
278
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2704
|
| Target ID: |
279
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5360
|
| Target ID: |
280
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1216
|
| Target ID: |
281
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6716
|
| Target ID: |
282
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5908
|
| Target ID: |
283
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1456
|
| Target ID: |
284
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3204
|
| Target ID: |
285
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3000
|
| Target ID: |
286
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3992
|
| Target ID: |
287
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5820
|
| Target ID: |
288
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:10
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3212
|
| Target ID: |
289
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6736
|
| Target ID: |
290
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5228
|
| Target ID: |
291
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5012
|
| Target ID: |
292
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2888
|
| Target ID: |
293
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
7120
|
| Target ID: |
294
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3892
|
| Target ID: |
295
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1808
|
| Target ID: |
296
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4420
|
| Target ID: |
297
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3940
|
| Target ID: |
298
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2800
|
| Target ID: |
299
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3648
|
| Target ID: |
300
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5200
|
| Target ID: |
301
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2664
|
| Target ID: |
302
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5588
|
| Target ID: |
303
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5608
|
| Target ID: |
304
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2024
|
| Target ID: |
305
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2864
|
| Target ID: |
306
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5512
|
| Target ID: |
307
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2268
|
| Target ID: |
308
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6992
|
| Target ID: |
309
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1804
|
| Target ID: |
310
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6864
|
| Target ID: |
311
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4976
|
| Target ID: |
312
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5388
|
| Target ID: |
313
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3796
|
| Target ID: |
314
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6980
|
| Target ID: |
315
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:11
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5272
|
| Target ID: |
316
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5808
|
| Target ID: |
317
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2404
|
| Target ID: |
318
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6852
|
| Target ID: |
319
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5996
|
| Target ID: |
320
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3432
|
| Target ID: |
321
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
992
|
| Target ID: |
322
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3500
|
| Target ID: |
323
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1828
|
| Target ID: |
324
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6860
|
| Target ID: |
325
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
356
|
| Target ID: |
326
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2836
|
| Target ID: |
327
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2524
|
| Target ID: |
328
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff6bac90000
|
| Modulesize: |
163840
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4876
|
| Target ID: |
329
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5500
|
| Target ID: |
330
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5056
|
| Target ID: |
331
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5324
|
| Target ID: |
332
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5000
|
| Target ID: |
333
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5640
|
| Target ID: |
334
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2188
|
| Target ID: |
335
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4904
|
| Target ID: |
336
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5208
|
| Target ID: |
337
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2544
|
| Target ID: |
338
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:12
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6596
|
| Target ID: |
339
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6424
|
| Target ID: |
340
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1176
|
| Target ID: |
341
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2128
|
| Target ID: |
342
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3924
|
| Target ID: |
343
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3648
|
| Target ID: |
344
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5200
|
| Target ID: |
345
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2664
|
| Target ID: |
346
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5588
|
| Target ID: |
347
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5608
|
| Target ID: |
348
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2024
|
| Target ID: |
349
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4548
|
| Target ID: |
350
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5512
|
| Target ID: |
351
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2268
|
| Target ID: |
352
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6992
|
| Target ID: |
353
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1804
|
| Target ID: |
354
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6864
|
| Target ID: |
355
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4976
|
| Target ID: |
356
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5388
|
| Target ID: |
357
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3796
|
| Target ID: |
358
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6980
|
| Target ID: |
359
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5272
|
| Target ID: |
360
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5808
|
| Target ID: |
361
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
2404
|
| Target ID: |
362
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
6852
|
| Target ID: |
363
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5996
|
| Target ID: |
364
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
4092
|
| Target ID: |
365
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
5112
|
| Target ID: |
366
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:13
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
3328
|
| Target ID: |
367
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
cmd
|
| Path: |
C:\Windows\System32\cmd.exe
|
| Commandline: |
cmd /c
|
| Size: |
289792
|
| MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
| Time: |
16:40:14
|
| Date: |
01/08/2024
|
| Reason: |
newprocess
|
| Reputation: |
timeout
|
| Is admin: |
true
|
| Is elevated: |
true
|
| Modulebase: |
0x7ff635e80000
|
| Modulesize: |
421888
|
| Wow64: |
false
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Spawns processes |
System Summary |
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
| Is windows: |
true
|
| Is dropped: |
false
|
| PID: |
1828
|
| Target ID: |
369
|
| Parent PID: |
6496
|
| Name: |
cmd.exe
|
| Class: |
|
