C:\Users\user\Desktop\sos.exe | "C:\Users\user\Desktop\sos.exe"

Is windows: true
Is dropped: false
PID: 980
Target ID: 0
Parent PID: 2580
Name: sos.exe
Path: C:\Users\user\Desktop\sos.exe
Commandline: "C:\Users\user\Desktop\sos.exe"
Size: 2015232
MD5: 184303252D69A1CA88ECE7779AF9C82F
Time: 16:37:10
Date: 01/08/2024
Reason: newprocess
Reputation: low
Is admin: true
Is elevated: true
Modulebase: 0xb00000
Modulesize: 2400256
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Antivirus / Scanner detection for submitted sample | AV Detection |
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
PE file contains sections with non-standard names | Data Obfuscation |
PE file has an executable .text section and no other executable section | System Summary |
Sample might require command line arguments | System Summary | Command and Scripting Interpreter
Spawns processes | System Summary |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Compliance, System Summary |
Submission file is bigger than most known malware samples | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7672
Target ID: 6
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7688
Target ID: 7
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7708
Target ID: 8
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7724
Target ID: 9
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7740
Target ID: 10
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7756
Target ID: 11
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7772
Target ID: 12
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7788
Target ID: 13
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7804
Target ID: 14
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7820
Target ID: 15
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7836
Target ID: 16
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7852
Target ID: 17
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: high
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7868
Target ID: 18
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7884
Target ID: 19
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:57
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7900
Target ID: 20
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7916
Target ID: 21
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7932
Target ID: 22
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7948
Target ID: 23
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7964
Target ID: 24
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7980
Target ID: 25
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7996
Target ID: 26
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8012
Target ID: 27
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8028
Target ID: 28
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8044
Target ID: 29
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8060
Target ID: 30
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8076
Target ID: 31
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8092
Target ID: 32
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8108
Target ID: 33
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8124
Target ID: 34
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8140
Target ID: 35
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8156
Target ID: 36
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8168
Target ID: 37
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 8184
Target ID: 38
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7172
Target ID: 39
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 7252
Target ID: 40
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 6316
Target ID: 41
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 6880
Target ID: 42
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff70f330000
Modulesize: 36864
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 2104
Target ID: 43
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 3060
Target ID: 44
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe | cmd /c

Is windows: true
Is dropped: false
PID: 1060
Target ID: 45
Parent PID: 980
Name: cmd.exe
Class: cmd
Path: C:\Windows\System32\cmd.exe
Commandline: cmd /c
Size: 289792
MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE
Time: 16:37:58
Date: 01/08/2024
Reason: newprocess
Reputation: timeout
Is admin: true
Is elevated: true
Modulebase: 0x7ff675fd0000
Modulesize: 421888
Wow64: false

Signature Hits | Behavior Group | Mitre Attack
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly | System Summary |
Creates a process in suspended mode (likely to inject code) | HIPS / PFW / Operating System Protection Evasion |
Spawns processes | System Summary |

C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2596
|
Target ID: |
46
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5720
|
Target ID: |
47
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2316
|
Target ID: |
48
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3052
|
Target ID: |
49
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7312
|
Target ID: |
50
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2308
|
Target ID: |
51
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3492
|
Target ID: |
52
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1016
|
Target ID: |
53
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2056
|
Target ID: |
54
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7424
|
Target ID: |
55
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7436
|
Target ID: |
56
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7420
|
Target ID: |
57
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
420
|
Target ID: |
58
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
59
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2488
|
Target ID: |
60
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1236
|
Target ID: |
61
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7496
|
Target ID: |
62
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7532
|
Target ID: |
63
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7552
|
Target ID: |
64
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7484
|
Target ID: |
65
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7492
|
Target ID: |
66
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
67
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6240
|
Target ID: |
68
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6288
|
Target ID: |
69
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6848
|
Target ID: |
70
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6916
|
Target ID: |
71
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6968
|
Target ID: |
72
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7148
|
Target ID: |
73
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6680
|
Target ID: |
74
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:37:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6852
|
Target ID: |
75
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7068
|
Target ID: |
76
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7164
|
Target ID: |
77
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3760
|
Target ID: |
78
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1880
|
Target ID: |
79
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4228
|
Target ID: |
80
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1888
|
Target ID: |
81
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3396
|
Target ID: |
82
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7564
|
Target ID: |
83
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7236
|
Target ID: |
84
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4452
|
Target ID: |
85
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6020
|
Target ID: |
86
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7576
|
Target ID: |
87
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3896
|
Target ID: |
88
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3520
|
Target ID: |
89
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7372
|
Target ID: |
90
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
792
|
Target ID: |
91
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1436
|
Target ID: |
92
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1396
|
Target ID: |
93
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2148
|
Target ID: |
94
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3128
|
Target ID: |
95
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1168
|
Target ID: |
96
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
652
|
Target ID: |
97
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1284
|
Target ID: |
98
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5228
|
Target ID: |
99
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2176
|
Target ID: |
100
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
101
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5180
|
Target ID: |
102
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3408
|
Target ID: |
103
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3672
|
Target ID: |
104
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3448
|
Target ID: |
105
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3992
|
Target ID: |
106
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2128
|
Target ID: |
107
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5292
|
Target ID: |
108
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3716
|
Target ID: |
109
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5776
|
Target ID: |
110
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
764
|
Target ID: |
111
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2720
|
Target ID: |
112
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1856
|
Target ID: |
113
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2120
|
Target ID: |
114
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7684
|
Target ID: |
115
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7704
|
Target ID: |
116
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7720
|
Target ID: |
117
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7708
|
Target ID: |
118
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7724
|
Target ID: |
119
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7752
|
Target ID: |
120
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7768
|
Target ID: |
121
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7784
|
Target ID: |
122
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7800
|
Target ID: |
123
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7816
|
Target ID: |
124
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7828
|
Target ID: |
125
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7848
|
Target ID: |
126
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7864
|
Target ID: |
127
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7880
|
Target ID: |
128
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7896
|
Target ID: |
129
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7912
|
Target ID: |
130
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7928
|
Target ID: |
131
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7944
|
Target ID: |
132
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7960
|
Target ID: |
133
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7976
|
Target ID: |
134
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7992
|
Target ID: |
135
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8004
|
Target ID: |
136
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8024
|
Target ID: |
137
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8040
|
Target ID: |
138
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8056
|
Target ID: |
139
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8072
|
Target ID: |
140
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8088
|
Target ID: |
141
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4556
|
Target ID: |
142
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8092
|
Target ID: |
143
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8108
|
Target ID: |
144
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8124
|
Target ID: |
145
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8140
|
Target ID: |
146
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8176
|
Target ID: |
147
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7180
|
Target ID: |
148
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5212
|
Target ID: |
149
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7264
|
Target ID: |
150
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6884
|
Target ID: |
151
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7020
|
Target ID: |
152
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5928
|
Target ID: |
153
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6880
|
Target ID: |
154
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2104
|
Target ID: |
155
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
156
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1196
|
Target ID: |
157
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1804
|
Target ID: |
158
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
928
|
Target ID: |
159
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2200
|
Target ID: |
160
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7316
|
Target ID: |
161
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2044
|
Target ID: |
162
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1352
|
Target ID: |
163
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4108
|
Target ID: |
164
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff72bec0000
|
Modulesize: |
135168
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5840
|
Target ID: |
165
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5916
|
Target ID: |
166
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2056
|
Target ID: |
167
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7424
|
Target ID: |
168
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7436
|
Target ID: |
169
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7420
|
Target ID: |
170
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
420
|
Target ID: |
171
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
172
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2488
|
Target ID: |
173
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1236
|
Target ID: |
174
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7544
|
Target ID: |
175
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7488
|
Target ID: |
176
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7512
|
Target ID: |
177
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
280
|
Target ID: |
178
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3156
|
Target ID: |
179
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6248
|
Target ID: |
180
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6652
|
Target ID: |
181
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6876
|
Target ID: |
182
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6964
|
Target ID: |
183
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7132
|
Target ID: |
184
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6148
|
Target ID: |
185
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6728
|
Target ID: |
186
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6992
|
Target ID: |
187
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7116
|
Target ID: |
188
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5956
|
Target ID: |
189
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7164
|
Target ID: |
190
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3760
|
Target ID: |
191
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1880
|
Target ID: |
192
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4228
|
Target ID: |
193
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1888
|
Target ID: |
194
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3396
|
Target ID: |
195
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7564
|
Target ID: |
196
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7236
|
Target ID: |
197
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5644
|
Target ID: |
198
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
416
|
Target ID: |
199
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4048
|
Target ID: |
200
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7476
|
Target ID: |
201
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7372
|
Target ID: |
202
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
792
|
Target ID: |
203
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1436
|
Target ID: |
204
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1396
|
Target ID: |
205
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7612
|
Target ID: |
206
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2848
|
Target ID: |
207
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1548
|
Target ID: |
208
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
652
|
Target ID: |
209
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1784
|
Target ID: |
210
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1988
|
Target ID: |
211
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2252
|
Target ID: |
212
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
213
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5180
|
Target ID: |
214
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2920
|
Target ID: |
215
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3672
|
Target ID: |
216
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3448
|
Target ID: |
217
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3992
|
Target ID: |
218
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
736
|
Target ID: |
219
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5292
|
Target ID: |
220
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3716
|
Target ID: |
221
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3912
|
Target ID: |
222
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5808
|
Target ID: |
223
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3612
|
Target ID: |
224
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1404
|
Target ID: |
225
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7672
|
Target ID: |
226
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7688
|
Target ID: |
227
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7716
|
Target ID: |
228
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7728
|
Target ID: |
229
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3740
|
Target ID: |
230
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7740
|
Target ID: |
231
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7756
|
Target ID: |
232
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7780
|
Target ID: |
233
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7768
|
Target ID: |
234
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7800
|
Target ID: |
235
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7816
|
Target ID: |
236
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7836
|
Target ID: |
237
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7828
|
Target ID: |
238
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7852
|
Target ID: |
239
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7876
|
Target ID: |
240
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7892
|
Target ID: |
241
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7916
|
Target ID: |
242
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2136
|
Target ID: |
243
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7936
|
Target ID: |
244
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7952
|
Target ID: |
245
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7972
|
Target ID: |
246
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7992
|
Target ID: |
247
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8004
|
Target ID: |
248
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8020
|
Target ID: |
249
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8036
|
Target ID: |
250
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8048
|
Target ID: |
251
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8068
|
Target ID: |
252
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8080
|
Target ID: |
253
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8104
|
Target ID: |
254
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8092
|
Target ID: |
255
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8108
|
Target ID: |
256
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8124
|
Target ID: |
257
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8140
|
Target ID: |
258
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8184
|
Target ID: |
259
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5124
|
Target ID: |
260
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7172
|
Target ID: |
261
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7252
|
Target ID: |
262
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6316
|
Target ID: |
263
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7268
|
Target ID: |
264
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4456
|
Target ID: |
265
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5852
|
Target ID: |
266
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
267
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2992
|
Target ID: |
268
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1612
|
Target ID: |
269
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
928
|
Target ID: |
270
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2200
|
Target ID: |
271
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5344
|
Target ID: |
272
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3756
|
Target ID: |
273
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2416
|
Target ID: |
274
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3492
|
Target ID: |
275
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5316
|
Target ID: |
276
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1188
|
Target ID: |
277
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7428
|
Target ID: |
278
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2160
|
Target ID: |
279
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7444
|
Target ID: |
280
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7452
|
Target ID: |
281
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7408
|
Target ID: |
282
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1608
|
Target ID: |
283
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5252
|
Target ID: |
284
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7500
|
Target ID: |
285
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7540
|
Target ID: |
286
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7536
|
Target ID: |
287
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7524
|
Target ID: |
288
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7520
|
Target ID: |
289
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4856
|
Target ID: |
290
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5948
|
Target ID: |
291
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6244
|
Target ID: |
292
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6444
|
Target ID: |
293
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6872
|
Target ID: |
294
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6920
|
Target ID: |
295
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7148
|
Target ID: |
296
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7132
|
Target ID: |
297
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6728
|
Target ID: |
298
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6992
|
Target ID: |
299
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7116
|
Target ID: |
300
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3332
|
Target ID: |
301
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2944
|
Target ID: |
302
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1144
|
Target ID: |
303
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7208
|
Target ID: |
304
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4460
|
Target ID: |
305
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4364
|
Target ID: |
306
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6436
|
Target ID: |
307
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4140
|
Target ID: |
308
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5668
|
Target ID: |
309
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1896
|
Target ID: |
310
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3164
|
Target ID: |
311
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4264
|
Target ID: |
312
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4488
|
Target ID: |
313
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2412
|
Target ID: |
314
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7576
|
Target ID: |
315
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5684
|
Target ID: |
316
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6072
|
Target ID: |
317
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5184
|
Target ID: |
318
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5496
|
Target ID: |
319
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5576
|
Target ID: |
320
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5896
|
Target ID: |
321
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3524
|
Target ID: |
322
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2932
|
Target ID: |
323
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2472
|
Target ID: |
324
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7714f0000
|
Modulesize: |
163840
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7476
|
Target ID: |
325
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2300
|
Target ID: |
326
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2912
|
Target ID: |
327
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1448
|
Target ID: |
328
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3852
|
Target ID: |
329
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5516
|
Target ID: |
330
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4624
|
Target ID: |
331
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff726ad0000
|
Modulesize: |
1712128
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4480
|
Target ID: |
332
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3496
|
Target ID: |
333
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1168
|
Target ID: |
334
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5932
|
Target ID: |
335
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3288
|
Target ID: |
336
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1548
|
Target ID: |
337
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2020
|
Target ID: |
338
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1516
|
Target ID: |
339
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5828
|
Target ID: |
340
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3300
|
Target ID: |
341
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1784
|
Target ID: |
342
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
824
|
Target ID: |
343
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6160
|
Target ID: |
344
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1988
|
Target ID: |
345
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2228
|
Target ID: |
346
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2112
|
Target ID: |
347
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6212
|
Target ID: |
348
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2324
|
Target ID: |
349
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3344
|
Target ID: |
350
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6300
|
Target ID: |
351
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6372
|
Target ID: |
352
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6408
|
Target ID: |
353
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2920
|
Target ID: |
354
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6464
|
Target ID: |
355
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6528
|
Target ID: |
356
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6576
|
Target ID: |
357
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2676
|
Target ID: |
358
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3672
|
Target ID: |
359
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4340
|
Target ID: |
360
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6676
|
Target ID: |
361
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5080
|
Target ID: |
362
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6760
|
Target ID: |
363
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3900
|
Target ID: |
364
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6796
|
Target ID: |
365
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6840
|
Target ID: |
366
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
396
|
Target ID: |
367
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1664
|
Target ID: |
368
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2836
|
Target ID: |
369
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6952
|
Target ID: |
370
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5808
|
Target ID: |
371
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2720
|
Target ID: |
372
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7036
|
Target ID: |
373
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7084
|
Target ID: |
374
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5272
|
Target ID: |
375
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7684
|
Target ID: |
376
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
940
|
Target ID: |
377
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7700
|
Target ID: |
378
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6336
|
Target ID: |
379
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6412
|
Target ID: |
380
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7712
|
Target ID: |
381
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6636
|
Target ID: |
382
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7732
|
Target ID: |
383
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2908
|
Target ID: |
384
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7752
|
Target ID: |
385
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7772
|
Target ID: |
386
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7776
|
Target ID: |
387
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7796
|
Target ID: |
388
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7808
|
Target ID: |
389
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7832
|
Target ID: |
390
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7844
|
Target ID: |
391
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7860
|
Target ID: |
392
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7864
|
Target ID: |
393
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7880
|
Target ID: |
394
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7896
|
Target ID: |
395
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7924
|
Target ID: |
396
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7940
|
Target ID: |
397
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7948
|
Target ID: |
398
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7960
|
Target ID: |
399
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7984
|
Target ID: |
400
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8008
|
Target ID: |
401
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8016
|
Target ID: |
402
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8024
|
Target ID: |
403
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8040
|
Target ID: |
404
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8056
|
Target ID: |
405
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8072
|
Target ID: |
406
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8088
|
Target ID: |
407
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8112
|
Target ID: |
408
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff68cef0000
|
Modulesize: |
28672
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8132
|
Target ID: |
409
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8148
|
Target ID: |
410
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8164
|
Target ID: |
411
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8168
|
Target ID: |
412
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8188
|
Target ID: |
413
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5168
|
Target ID: |
414
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4500
|
Target ID: |
415
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2504
|
Target ID: |
416
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6440
|
Target ID: |
417
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5928
|
Target ID: |
418
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7268
|
Target ID: |
419
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4456
|
Target ID: |
420
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7364
|
Target ID: |
421
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6112
|
Target ID: |
422
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2596
|
Target ID: |
423
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4548
|
Target ID: |
424
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7336
|
Target ID: |
425
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7392
|
Target ID: |
426
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7332
|
Target ID: |
427
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7324
|
Target ID: |
428
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2200
|
Target ID: |
429
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5344
|
Target ID: |
430
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3756
|
Target ID: |
431
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4128
|
Target ID: |
432
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7412
|
Target ID: |
433
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5236
|
Target ID: |
434
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2208
|
Target ID: |
435
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7400
|
Target ID: |
436
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7460
|
Target ID: |
437
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7464
|
Target ID: |
438
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7456
|
Target ID: |
439
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2724
|
Target ID: |
440
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2288
|
Target ID: |
441
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7496
|
Target ID: |
442
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7532
|
Target ID: |
443
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7552
|
Target ID: |
444
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7484
|
Target ID: |
445
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7492
|
Target ID: |
446
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
447
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6240
|
Target ID: |
448
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5624
|
Target ID: |
449
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6244
|
Target ID: |
450
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6652
|
Target ID: |
451
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6876
|
Target ID: |
452
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6968
|
Target ID: |
453
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6152
|
Target ID: |
454
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6680
|
Target ID: |
455
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6928
|
Target ID: |
456
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7092
|
Target ID: |
457
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7160
|
Target ID: |
458
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6120
|
Target ID: |
459
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3760
|
Target ID: |
460
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1880
|
Target ID: |
461
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4228
|
Target ID: |
462
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4088
|
Target ID: |
463
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4336
|
Target ID: |
464
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4276
|
Target ID: |
465
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7564
|
Target ID: |
466
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3720
|
Target ID: |
467
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7236
|
Target ID: |
468
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4940
|
Target ID: |
469
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5336
|
Target ID: |
470
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5644
|
Target ID: |
471
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5284
|
Target ID: |
472
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7192
|
Target ID: |
473
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7576
|
Target ID: |
474
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:16
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4312
|
Target ID: |
475
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4048
|
Target ID: |
476
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3520
|
Target ID: |
477
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1832
|
Target ID: |
478
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
796
|
Target ID: |
479
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5896
|
Target ID: |
480
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3524
|
Target ID: |
481
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2932
|
Target ID: |
482
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2472
|
Target ID: |
483
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7476
|
Target ID: |
484
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7f74b0000
|
Modulesize: |
430080
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2300
|
Target ID: |
485
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2912
|
Target ID: |
486
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1448
|
Target ID: |
487
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3852
|
Target ID: |
488
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5516
|
Target ID: |
489
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4624
|
Target ID: |
490
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6048
|
Target ID: |
491
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
412
|
Target ID: |
492
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff68cef0000
|
Modulesize: |
28672
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
344
|
Target ID: |
493
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1340
|
Target ID: |
494
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3652
|
Target ID: |
495
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5460
|
Target ID: |
496
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
652
|
Target ID: |
497
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2892
|
Target ID: |
498
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3176
|
Target ID: |
499
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:17
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4916
|
Target ID: |
500
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1784
|
Target ID: |
501
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
824
|
Target ID: |
502
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6160
|
Target ID: |
503
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1988
|
Target ID: |
504
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2228
|
Target ID: |
505
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2112
|
Target ID: |
506
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6212
|
Target ID: |
507
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6192
|
Target ID: |
508
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3916
|
Target ID: |
509
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6312
|
Target ID: |
510
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6376
|
Target ID: |
511
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3004
|
Target ID: |
512
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6420
|
Target ID: |
513
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6512
|
Target ID: |
514
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6564
|
Target ID: |
515
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6580
|
Target ID: |
516
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2344
|
Target ID: |
517
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3228
|
Target ID: |
518
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6664
|
Target ID: |
519
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6700
|
Target ID: |
520
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3992
|
Target ID: |
521
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6784
|
Target ID: |
522
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
736
|
Target ID: |
523
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6812
|
Target ID: |
524
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6828
|
Target ID: |
525
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
396
|
Target ID: |
526
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2496
|
Target ID: |
527
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:18
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5776
|
Target ID: |
528
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1344
|
Target ID: |
529
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6996
|
Target ID: |
530
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3612
|
Target ID: |
531
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7060
|
Target ID: |
532
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5380
|
Target ID: |
533
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7108
|
Target ID: |
534
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7676
|
Target ID: |
535
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6276
|
Target ID: |
536
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6296
|
Target ID: |
537
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7688
|
Target ID: |
538
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6492
|
Target ID: |
539
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6508
|
Target ID: |
540
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6632
|
Target ID: |
541
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7728
|
Target ID: |
542
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3740
|
Target ID: |
543
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7744
|
Target ID: |
544
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7764
|
Target ID: |
545
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7784
|
Target ID: |
546
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7768
|
Target ID: |
547
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7800
|
Target ID: |
548
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7820
|
Target ID: |
549
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7836
|
Target ID: |
550
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:19
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7872
|
Target ID: |
551
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7852
|
Target ID: |
552
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7cd660000
|
Modulesize: |
929792
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7912
|
Target ID: |
553
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7892
|
Target ID: |
554
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7916
|
Target ID: |
555
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7956
|
Target ID: |
556
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7936
|
Target ID: |
557
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7988
|
Target ID: |
558
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7972
|
Target ID: |
559
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7992
|
Target ID: |
560
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8032
|
Target ID: |
561
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8052
|
Target ID: |
562
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8060
|
Target ID: |
563
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8084
|
Target ID: |
564
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8100
|
Target ID: |
565
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4008
|
Target ID: |
566
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8104
|
Target ID: |
567
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8092
|
Target ID: |
568
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8144
|
Target ID: |
569
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8124
|
Target ID: |
570
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7176
|
Target ID: |
571
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5212
|
Target ID: |
572
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7264
|
Target ID: |
573
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6884
|
Target ID: |
574
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:20
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7020
|
Target ID: |
575
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6944
|
Target ID: |
576
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7352
|
Target ID: |
577
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2520
|
Target ID: |
578
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7288
|
Target ID: |
579
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7364
|
Target ID: |
580
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
581
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4476
|
Target ID: |
582
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1612
|
Target ID: |
583
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7384
|
Target ID: |
584
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7980
|
Target ID: |
585
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2260
|
Target ID: |
586
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
928
|
Target ID: |
587
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7312
|
Target ID: |
588
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2308
|
Target ID: |
589
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1352
|
Target ID: |
590
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4108
|
Target ID: |
591
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5840
|
Target ID: |
592
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5916
|
Target ID: |
593
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5448
|
Target ID: |
594
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7416
|
Target ID: |
595
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7448
|
Target ID: |
596
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:21
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7436
|
Target ID: |
597
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3412
|
Target ID: |
598
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
420
|
Target ID: |
599
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
600
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2488
|
Target ID: |
601
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7548
|
Target ID: |
602
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7544
|
Target ID: |
603
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7524
|
Target ID: |
604
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7520
|
Target ID: |
605
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7492
|
Target ID: |
606
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
607
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6240
|
Target ID: |
608
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6288
|
Target ID: |
609
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6244
|
Target ID: |
610
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6652
|
Target ID: |
611
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6876
|
Target ID: |
612
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6764
|
Target ID: |
613
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6948
|
Target ID: |
614
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7072
|
Target ID: |
615
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5956
|
Target ID: |
616
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
617
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5288
|
Target ID: |
618
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2084
|
Target ID: |
619
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1144
|
Target ID: |
620
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:22
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff612770000
|
Modulesize: |
720896
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7208
|
Target ID: |
621
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4084
|
Target ID: |
622
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1888
|
Target ID: |
623
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3396
|
Target ID: |
624
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3488
|
Target ID: |
625
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5668
|
Target ID: |
626
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1896
|
Target ID: |
627
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3164
|
Target ID: |
628
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7a2ae0000
|
Modulesize: |
73728
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6052
|
Target ID: |
629
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5336
|
Target ID: |
630
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5644
|
Target ID: |
631
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5284
|
Target ID: |
632
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5132
|
Target ID: |
633
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7192
|
Target ID: |
634
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7576
|
Target ID: |
635
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4312
|
Target ID: |
636
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4048
|
Target ID: |
637
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3520
|
Target ID: |
638
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1832
|
Target ID: |
639
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
796
|
Target ID: |
640
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5896
|
Target ID: |
641
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3524
|
Target ID: |
642
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2932
|
Target ID: |
643
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4428
|
Target ID: |
644
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4504
|
Target ID: |
645
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3260
|
Target ID: |
646
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3368
|
Target ID: |
647
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5052
|
Target ID: |
648
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:23
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4812
|
Target ID: |
649
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3940
|
Target ID: |
650
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4480
|
Target ID: |
651
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3120
|
Target ID: |
652
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4628
|
Target ID: |
653
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1640
|
Target ID: |
654
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5756
|
Target ID: |
655
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1284
|
Target ID: |
656
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4520
|
Target ID: |
657
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4080
|
Target ID: |
658
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
652
|
Target ID: |
659
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3300
|
Target ID: |
660
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4908
|
Target ID: |
661
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6156
|
Target ID: |
662
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2176
|
Target ID: |
663
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5728
|
Target ID: |
664
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6180
|
Target ID: |
665
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2252
|
Target ID: |
666
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2436
|
Target ID: |
667
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
668
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5180
|
Target ID: |
669
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6324
|
Target ID: |
670
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6360
|
Target ID: |
671
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3408
|
Target ID: |
672
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:24
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6456
|
Target ID: |
673
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6484
|
Target ID: |
674
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6548
|
Target ID: |
675
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6600
|
Target ID: |
676
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6612
|
Target ID: |
677
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3104
|
Target ID: |
678
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3448
|
Target ID: |
679
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4340
|
Target ID: |
680
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6676
|
Target ID: |
681
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5080
|
Target ID: |
682
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6760
|
Target ID: |
683
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3900
|
Target ID: |
684
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5804
|
Target ID: |
685
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5812
|
Target ID: |
686
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6900
|
Target ID: |
687
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1664
|
Target ID: |
688
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5444
|
Target ID: |
689
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5332
|
Target ID: |
690
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1244
|
Target ID: |
691
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2720
|
Target ID: |
692
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7048
|
Target ID: |
693
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7084
|
Target ID: |
694
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7672
|
Target ID: |
695
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7704
|
Target ID: |
696
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
940
|
Target ID: |
697
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6472
|
Target ID: |
698
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7720
|
Target ID: |
699
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6412
|
Target ID: |
700
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:25
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7712
|
Target ID: |
701
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6636
|
Target ID: |
702
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6904
|
Target ID: |
703
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2908
|
Target ID: |
704
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7752
|
Target ID: |
705
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7772
|
Target ID: |
706
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7788
|
Target ID: |
707
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7804
|
Target ID: |
708
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7816
|
Target ID: |
709
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7840
|
Target ID: |
710
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7828
|
Target ID: |
711
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7888
|
Target ID: |
712
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7864
|
Target ID: |
713
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7920
|
Target ID: |
714
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7932
|
Target ID: |
715
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1852
|
Target ID: |
716
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2136
|
Target ID: |
717
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7952
|
Target ID: |
718
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7976
|
Target ID: |
719
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7996
|
Target ID: |
720
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8004
|
Target ID: |
721
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8016
|
Target ID: |
722
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8024
|
Target ID: |
723
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8076
|
Target ID: |
724
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8096
|
Target ID: |
725
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:26
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8116
|
Target ID: |
726
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8136
|
Target ID: |
727
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8152
|
Target ID: |
728
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8160
|
Target ID: |
729
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8148
|
Target ID: |
730
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8164
|
Target ID: |
731
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8140
|
Target ID: |
732
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7180
|
Target ID: |
733
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2164
|
Target ID: |
734
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7172
|
Target ID: |
735
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7252
|
Target ID: |
736
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3688
|
Target ID: |
737
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3668
|
Target ID: |
738
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2664
|
Target ID: |
739
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1060
|
Target ID: |
740
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1804
|
Target ID: |
741
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
742
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2596
|
Target ID: |
743
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4548
|
Target ID: |
744
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7336
|
Target ID: |
745
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7392
|
Target ID: |
746
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
908
|
Target ID: |
747
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7316
|
Target ID: |
748
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2200
|
Target ID: |
749
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5344
|
Target ID: |
750
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3756
|
Target ID: |
751
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4108
|
Target ID: |
752
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5840
|
Target ID: |
753
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3888
|
Target ID: |
754
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7432
|
Target ID: |
755
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2056
|
Target ID: |
756
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:27
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7424
|
Target ID: |
757
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5716
|
Target ID: |
758
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7420
|
Target ID: |
759
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1608
|
Target ID: |
760
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5428
|
Target ID: |
761
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7504
|
Target ID: |
762
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1236
|
Target ID: |
763
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7552
|
Target ID: |
764
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7508
|
Target ID: |
765
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7520
|
Target ID: |
766
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7492
|
Target ID: |
767
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
768
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6352
|
Target ID: |
769
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6444
|
Target ID: |
770
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6872
|
Target ID: |
771
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6148
|
Target ID: |
772
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6152
|
Target ID: |
773
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6680
|
Target ID: |
774
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5852
|
Target ID: |
775
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7072
|
Target ID: |
776
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff72c440000
|
Modulesize: |
847872
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5956
|
Target ID: |
777
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
778
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5688
|
Target ID: |
779
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:28
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3760
|
Target ID: |
780
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5904
|
Target ID: |
781
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2792
|
Target ID: |
782
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4460
|
Target ID: |
783
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4364
|
Target ID: |
784
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff72c440000
|
Modulesize: |
847872
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4124
|
Target ID: |
785
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3488
|
Target ID: |
786
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5668
|
Target ID: |
787
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1896
|
Target ID: |
788
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3164
|
Target ID: |
789
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6052
|
Target ID: |
790
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2060
|
Target ID: |
791
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7188
|
Target ID: |
792
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4496
|
Target ID: |
793
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
416
|
Target ID: |
794
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7192
|
Target ID: |
795
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7576
|
Target ID: |
796
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4312
|
Target ID: |
797
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4048
|
Target ID: |
798
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3520
|
Target ID: |
799
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1832
|
Target ID: |
800
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
796
|
Target ID: |
801
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5896
|
Target ID: |
802
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3524
|
Target ID: |
803
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7372
|
Target ID: |
804
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3152
|
Target ID: |
805
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
792
|
Target ID: |
806
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1436
|
Target ID: |
807
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3128
|
Target ID: |
808
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:29
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7612
|
Target ID: |
809
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3264
|
Target ID: |
810
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2848
|
Target ID: |
811
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3496
|
Target ID: |
812
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1168
|
Target ID: |
813
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4248
|
Target ID: |
814
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
984
|
Target ID: |
815
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2196
|
Target ID: |
816
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4416
|
Target ID: |
817
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1516
|
Target ID: |
818
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3664
|
Target ID: |
819
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5228
|
Target ID: |
820
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5084
|
Target ID: |
821
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5628
|
Target ID: |
822
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1464
|
Target ID: |
823
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6176
|
Target ID: |
824
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1988
|
Target ID: |
825
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6188
|
Target ID: |
826
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2328
|
Target ID: |
827
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6212
|
Target ID: |
828
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6272
|
Target ID: |
829
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3344
|
Target ID: |
830
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6388
|
Target ID: |
831
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6372
|
Target ID: |
832
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6408
|
Target ID: |
833
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2920
|
Target ID: |
834
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6552
|
Target ID: |
835
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:30
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6528
|
Target ID: |
836
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6628
|
Target ID: |
837
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3588
|
Target ID: |
838
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6640
|
Target ID: |
839
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6664
|
Target ID: |
840
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6700
|
Target ID: |
841
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3992
|
Target ID: |
842
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6748
|
Target ID: |
843
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
736
|
Target ID: |
844
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6812
|
Target ID: |
845
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3716
|
Target ID: |
846
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4564
|
Target ID: |
847
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
764
|
Target ID: |
848
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7012
|
Target ID: |
849
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7024
|
Target ID: |
850
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7064
|
Target ID: |
851
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3612
|
Target ID: |
852
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7096
|
Target ID: |
853
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5380
|
Target ID: |
854
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6256
|
Target ID: |
855
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7692
|
Target ID: |
856
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6416
|
Target ID: |
857
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3428
|
Target ID: |
858
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7716
|
Target ID: |
859
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:31
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7720
|
Target ID: |
860
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6412
|
Target ID: |
861
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7712
|
Target ID: |
862
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6636
|
Target ID: |
863
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6904
|
Target ID: |
864
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2908
|
Target ID: |
865
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7752
|
Target ID: |
866
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7784
|
Target ID: |
867
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7768
|
Target ID: |
868
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7800
|
Target ID: |
869
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7856
|
Target ID: |
870
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7836
|
Target ID: |
871
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7828
|
Target ID: |
872
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7888
|
Target ID: |
873
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7912
|
Target ID: |
874
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7892
|
Target ID: |
875
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7932
|
Target ID: |
876
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1852
|
Target ID: |
877
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2136
|
Target ID: |
878
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7952
|
Target ID: |
879
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7988
|
Target ID: |
880
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:32
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7972
|
Target ID: |
881
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7976
|
Target ID: |
882
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8004
|
Target ID: |
883
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8016
|
Target ID: |
884
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8060
|
Target ID: |
885
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8084
|
Target ID: |
886
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8068
|
Target ID: |
887
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4008
|
Target ID: |
888
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8136
|
Target ID: |
889
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8152
|
Target ID: |
890
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8160
|
Target ID: |
891
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8148
|
Target ID: |
892
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8164
|
Target ID: |
893
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5168
|
Target ID: |
894
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4500
|
Target ID: |
895
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2504
|
Target ID: |
896
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1668
|
Target ID: |
897
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6880
|
Target ID: |
898
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2104
|
Target ID: |
899
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1196
|
Target ID: |
900
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
744
|
Target ID: |
901
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5720
|
Target ID: |
902
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
904
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:33
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7404
|
Target ID: |
905
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7980
|
Target ID: |
906
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7316
|
Target ID: |
907
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2200
|
Target ID: |
908
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5344
|
Target ID: |
909
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1016
|
Target ID: |
910
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4108
|
Target ID: |
911
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2208
|
Target ID: |
912
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7400
|
Target ID: |
913
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7460
|
Target ID: |
914
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7464
|
Target ID: |
915
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7456
|
Target ID: |
916
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0xcf0000
|
Modulesize: |
155648
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5992
|
Target ID: |
917
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7420
|
Target ID: |
918
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1608
|
Target ID: |
919
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7536
|
Target ID: |
920
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7528
|
Target ID: |
921
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7488
|
Target ID: |
922
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7552
|
Target ID: |
923
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7508
|
Target ID: |
924
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7520
|
Target ID: |
925
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7492
|
Target ID: |
926
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
927
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6352
|
Target ID: |
928
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6652
|
Target ID: |
929
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:34
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6876
|
Target ID: |
930
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6764
|
Target ID: |
931
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6152
|
Target ID: |
932
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6948
|
Target ID: |
933
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5852
|
Target ID: |
934
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7092
|
Target ID: |
935
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7160
|
Target ID: |
936
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
937
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5688
|
Target ID: |
938
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3760
|
Target ID: |
939
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5904
|
Target ID: |
940
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2792
|
Target ID: |
941
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4460
|
Target ID: |
942
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4364
|
Target ID: |
943
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4124
|
Target ID: |
944
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3488
|
Target ID: |
945
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5668
|
Target ID: |
946
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5552
|
Target ID: |
947
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5644
|
Target ID: |
948
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:35
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5284
|
Target ID: |
949
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5132
|
Target ID: |
950
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5684
|
Target ID: |
951
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6072
|
Target ID: |
952
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5184
|
Target ID: |
953
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5496
|
Target ID: |
954
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5576
|
Target ID: |
955
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
480
|
Target ID: |
956
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5220
|
Target ID: |
957
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3752
|
Target ID: |
958
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
352
|
Target ID: |
959
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2472
|
Target ID: |
960
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4504
|
Target ID: |
961
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2300
|
Target ID: |
962
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1848
|
Target ID: |
963
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1448
|
Target ID: |
964
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7240
|
Target ID: |
965
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3804
|
Target ID: |
966
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6116
|
Target ID: |
967
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6048
|
Target ID: |
968
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4628
|
Target ID: |
969
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1640
|
Target ID: |
970
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3288
|
Target ID: |
971
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1548
|
Target ID: |
972
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4520
|
Target ID: |
973
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1516
|
Target ID: |
974
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:36
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3300
|
Target ID: |
975
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4908
|
Target ID: |
976
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6172
|
Target ID: |
977
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4960
|
Target ID: |
978
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2248
|
Target ID: |
979
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6180
|
Target ID: |
980
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2252
|
Target ID: |
981
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2436
|
Target ID: |
982
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
983
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5180
|
Target ID: |
984
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6324
|
Target ID: |
985
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6360
|
Target ID: |
986
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3408
|
Target ID: |
987
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6456
|
Target ID: |
988
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff74e710000
|
Modulesize: |
126976
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6516
|
Target ID: |
989
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6548
|
Target ID: |
990
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6600
|
Target ID: |
991
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6612
|
Target ID: |
992
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3104
|
Target ID: |
993
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6704
|
Target ID: |
994
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4304
|
Target ID: |
995
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6772
|
Target ID: |
996
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6816
|
Target ID: |
997
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6844
|
Target ID: |
998
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5232
|
Target ID: |
999
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6796
|
Target ID: |
1000
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5292
|
Target ID: |
1001
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:37
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6840
|
Target ID: |
1002
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3912
|
Target ID: |
1003
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2836
|
Target ID: |
1004
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6952
|
Target ID: |
1005
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5808
|
Target ID: |
1006
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2720
|
Target ID: |
1007
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7060
|
Target ID: |
1008
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7084
|
Target ID: |
1009
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5272
|
Target ID: |
1010
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7676
|
Target ID: |
1011
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6276
|
Target ID: |
1012
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7700
|
Target ID: |
1013
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6336
|
Target ID: |
1014
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6492
|
Target ID: |
1015
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7708
|
Target ID: |
1016
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7724
|
Target ID: |
1017
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7732
|
Target ID: |
1018
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7740
|
Target ID: |
1019
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7780
|
Target ID: |
1020
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7772
|
Target ID: |
1021
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7788
|
Target ID: |
1022
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
504
|
Target ID: |
1023
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7824
|
Target ID: |
1024
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7808
|
Target ID: |
1025
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7856
|
Target ID: |
1026
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:38
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7836
|
Target ID: |
1027
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7828
|
Target ID: |
1028
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7888
|
Target ID: |
1029
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7912
|
Target ID: |
1030
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7892
|
Target ID: |
1031
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7932
|
Target ID: |
1032
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7936
|
Target ID: |
1033
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7256
|
Target ID: |
1034
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7588
|
Target ID: |
1035
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7960
|
Target ID: |
1036
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7984
|
Target ID: |
1037
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8028
|
Target ID: |
1038
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8044
|
Target ID: |
1039
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8024
|
Target ID: |
1040
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8076
|
Target ID: |
1041
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8100
|
Target ID: |
1042
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8116
|
Target ID: |
1043
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8080
|
Target ID: |
1044
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4556
|
Target ID: |
1045
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8128
|
Target ID: |
1046
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8176
|
Target ID: |
1047
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8168
|
Target ID: |
1048
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8188
|
Target ID: |
1049
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:39
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8184
|
Target ID: |
1050
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5124
|
Target ID: |
1051
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6884
|
Target ID: |
1052
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7088
|
Target ID: |
1053
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6440
|
Target ID: |
1054
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5928
|
Target ID: |
1055
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7268
|
Target ID: |
1056
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7288
|
Target ID: |
1057
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2116
|
Target ID: |
1058
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6112
|
Target ID: |
1059
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7360
|
Target ID: |
1060
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7332
|
Target ID: |
1061
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
928
|
Target ID: |
1062
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7312
|
Target ID: |
1063
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2308
|
Target ID: |
1064
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1352
|
Target ID: |
1065
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1188
|
Target ID: |
1066
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5840
|
Target ID: |
1067
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2492
|
Target ID: |
1068
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2208
|
Target ID: |
1069
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5448
|
Target ID: |
1070
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7452
|
Target ID: |
1071
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7408
|
Target ID: |
1072
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:40
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4924
|
Target ID: |
1073
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3412
|
Target ID: |
1074
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7500
|
Target ID: |
1075
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
1076
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2488
|
Target ID: |
1077
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7548
|
Target ID: |
1078
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7484
|
Target ID: |
1079
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7516
|
Target ID: |
1080
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
280
|
Target ID: |
1081
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5948
|
Target ID: |
1082
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6240
|
Target ID: |
1083
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6288
|
Target ID: |
1084
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6244
|
Target ID: |
1085
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6964
|
Target ID: |
1086
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6920
|
Target ID: |
1087
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6764
|
Target ID: |
1088
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6152
|
Target ID: |
1089
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6948
|
Target ID: |
1090
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5852
|
Target ID: |
1091
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7072
|
Target ID: |
1092
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5956
|
Target ID: |
1093
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7164
|
Target ID: |
1094
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1880
|
Target ID: |
1095
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4228
|
Target ID: |
1096
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3796
|
Target ID: |
1097
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2792
|
Target ID: |
1098
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:41
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4364
|
Target ID: |
1099
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4124
|
Target ID: |
1100
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3488
|
Target ID: |
1101
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5668
|
Target ID: |
1102
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4264
|
Target ID: |
1103
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4544
|
Target ID: |
1104
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0xcf0000
|
Modulesize: |
155648
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4496
|
Target ID: |
1105
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3196
|
Target ID: |
1106
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7192
|
Target ID: |
1107
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7576
|
Target ID: |
1108
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4312
|
Target ID: |
1109
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3096
|
Target ID: |
1110
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3568
|
Target ID: |
1111
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3328
|
Target ID: |
1112
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x630000
|
Modulesize: |
434176
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5472
|
Target ID: |
1113
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5896
|
Target ID: |
1114
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4584
|
Target ID: |
1115
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4428
|
Target ID: |
1116
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3260
|
Target ID: |
1117
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3368
|
Target ID: |
1118
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2148
|
Target ID: |
1119
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3852
|
Target ID: |
1120
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:42
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5516
|
Target ID: |
1121
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4624
|
Target ID: |
1122
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3120
|
Target ID: |
1123
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5376
|
Target ID: |
1124
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6116
|
Target ID: |
1125
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4628
|
Target ID: |
1126
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1640
|
Target ID: |
1127
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3288
|
Target ID: |
1128
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1548
|
Target ID: |
1129
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4520
|
Target ID: |
1130
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1516
|
Target ID: |
1131
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3300
|
Target ID: |
1132
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4908
|
Target ID: |
1133
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6172
|
Target ID: |
1134
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6176
|
Target ID: |
1135
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6216
|
Target ID: |
1136
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5900
|
Target ID: |
1137
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2252
|
Target ID: |
1138
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2436
|
Target ID: |
1139
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
1140
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2324
|
Target ID: |
1141
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6356
|
Target ID: |
1142
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6388
|
Target ID: |
1143
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5936
|
Target ID: |
1144
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6460
|
Target ID: |
1145
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6564
|
Target ID: |
1146
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:43
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6580
|
Target ID: |
1147
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2344
|
Target ID: |
1148
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2076
|
Target ID: |
1149
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6576
|
Target ID: |
1150
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3104
|
Target ID: |
1151
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6704
|
Target ID: |
1152
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4304
|
Target ID: |
1153
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6772
|
Target ID: |
1154
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6816
|
Target ID: |
1155
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6844
|
Target ID: |
1156
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5232
|
Target ID: |
1157
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6796
|
Target ID: |
1158
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5292
|
Target ID: |
1159
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6840
|
Target ID: |
1160
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3912
|
Target ID: |
1161
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2836
|
Target ID: |
1162
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6952
|
Target ID: |
1163
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5808
|
Target ID: |
1164
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2720
|
Target ID: |
1165
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7060
|
Target ID: |
1166
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7084
|
Target ID: |
1167
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
940
|
Target ID: |
1168
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6472
|
Target ID: |
1169
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7688
|
Target ID: |
1170
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7716
|
Target ID: |
1171
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:44
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7720
|
Target ID: |
1172
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6412
|
Target ID: |
1173
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7712
|
Target ID: |
1174
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6636
|
Target ID: |
1175
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6904
|
Target ID: |
1176
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7744
|
Target ID: |
1177
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7764
|
Target ID: |
1178
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7776
|
Target ID: |
1179
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7796
|
Target ID: |
1180
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7768
|
Target ID: |
1181
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7800
|
Target ID: |
1182
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7620
|
Target ID: |
1183
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7860
|
Target ID: |
1184
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0xcf0000
|
Modulesize: |
155648
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7908
|
Target ID: |
1185
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7920
|
Target ID: |
1186
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7912
|
Target ID: |
1187
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7892
|
Target ID: |
1188
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7932
|
Target ID: |
1189
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7936
|
Target ID: |
1190
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7256
|
Target ID: |
1191
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7588
|
Target ID: |
1192
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7960
|
Target ID: |
1193
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7984
|
Target ID: |
1194
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8028
|
Target ID: |
1195
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8044
|
Target ID: |
1196
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8024
|
Target ID: |
1197
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:45
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8076
|
Target ID: |
1198
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8100
|
Target ID: |
1199
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8116
|
Target ID: |
1200
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8080
|
Target ID: |
1201
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4556
|
Target ID: |
1202
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8128
|
Target ID: |
1203
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8176
|
Target ID: |
1204
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8168
|
Target ID: |
1205
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8188
|
Target ID: |
1206
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8184
|
Target ID: |
1207
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5124
|
Target ID: |
1208
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6884
|
Target ID: |
1209
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7088
|
Target ID: |
1210
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6440
|
Target ID: |
1211
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5928
|
Target ID: |
1212
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7268
|
Target ID: |
1213
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7288
|
Target ID: |
1214
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2116
|
Target ID: |
1215
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7364
|
Target ID: |
1216
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7360
|
Target ID: |
1217
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7332
|
Target ID: |
1218
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
928
|
Target ID: |
1219
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7312
|
Target ID: |
1220
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2308
|
Target ID: |
1221
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1352
|
Target ID: |
1222
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1188
|
Target ID: |
1223
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5840
|
Target ID: |
1224
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2492
|
Target ID: |
1225
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:46
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2208
|
Target ID: |
1226
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5448
|
Target ID: |
1227
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7452
|
Target ID: |
1228
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0xcf0000
|
Modulesize: |
155648
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7408
|
Target ID: |
1229
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4924
|
Target ID: |
1230
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3412
|
Target ID: |
1231
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7500
|
Target ID: |
1232
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
1233
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2488
|
Target ID: |
1234
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7512
|
Target ID: |
1235
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4856
|
Target ID: |
1236
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7516
|
Target ID: |
1237
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
280
|
Target ID: |
1238
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5948
|
Target ID: |
1239
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6240
|
Target ID: |
1240
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6288
|
Target ID: |
1241
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6244
|
Target ID: |
1242
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6964
|
Target ID: |
1243
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6920
|
Target ID: |
1244
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6728
|
Target ID: |
1245
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7068
|
Target ID: |
1246
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6948
|
Target ID: |
1247
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2944
|
Target ID: |
1248
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:47
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1712
|
Target ID: |
1249
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7204
|
Target ID: |
1250
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7208
|
Target ID: |
1251
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4336
|
Target ID: |
1252
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7564
|
Target ID: |
1253
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3720
|
Target ID: |
1254
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7236
|
Target ID: |
1255
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4420
|
Target ID: |
1256
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
512
|
Target ID: |
1257
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2668
|
Target ID: |
1258
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5644
|
Target ID: |
1259
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5284
|
Target ID: |
1260
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1396
|
Target ID: |
1261
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3196
|
Target ID: |
1262
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5684
|
Target ID: |
1263
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4484
|
Target ID: |
1264
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5968
|
Target ID: |
1265
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5496
|
Target ID: |
1266
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5576
|
Target ID: |
1267
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
480
|
Target ID: |
1268
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
796
|
Target ID: |
1269
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2932
|
Target ID: |
1270
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:48
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3524
|
Target ID: |
1271
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2472
|
Target ID: |
1272
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4504
|
Target ID: |
1273
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3368
|
Target ID: |
1274
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2148
|
Target ID: |
1275
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4812
|
Target ID: |
1276
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3940
|
Target ID: |
1277
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4480
|
Target ID: |
1278
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2848
|
Target ID: |
1279
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
344
|
Target ID: |
1280
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5932
|
Target ID: |
1281
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4248
|
Target ID: |
1282
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5460
|
Target ID: |
1283
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2020
|
Target ID: |
1284
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4080
|
Target ID: |
1285
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
652
|
Target ID: |
1286
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1784
|
Target ID: |
1287
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5084
|
Target ID: |
1288
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6160
|
Target ID: |
1289
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1464
|
Target ID: |
1290
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4076
|
Target ID: |
1291
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6184
|
Target ID: |
1292
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2228
|
Target ID: |
1293
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6192
|
Target ID: |
1294
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3916
|
Target ID: |
1295
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
1296
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2324
|
Target ID: |
1297
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6372
|
Target ID: |
1298
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6408
|
Target ID: |
1299
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:49
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6456
|
Target ID: |
1300
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6484
|
Target ID: |
1301
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6464
|
Target ID: |
1302
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6600
|
Target ID: |
1303
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2076
|
Target ID: |
1304
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6576
|
Target ID: |
1305
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6640
|
Target ID: |
1306
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6664
|
Target ID: |
1307
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6700
|
Target ID: |
1308
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5080
|
Target ID: |
1309
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6784
|
Target ID: |
1310
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3900
|
Target ID: |
1311
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5804
|
Target ID: |
1312
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x800000
|
Modulesize: |
962560
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3716
|
Target ID: |
1313
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4564
|
Target ID: |
1314
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2496
|
Target ID: |
1315
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5776
|
Target ID: |
1316
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1344
|
Target ID: |
1317
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6996
|
Target ID: |
1318
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:50
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
332
|
Target ID: |
1319
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7048
|
Target ID: |
1320
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7672
|
Target ID: |
1321
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7060
|
Target ID: |
1322
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7084
|
Target ID: |
1323
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7692
|
Target ID: |
1324
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7572
|
Target ID: |
1325
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7700
|
Target ID: |
1326
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6336
|
Target ID: |
1327
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2332
|
Target ID: |
1328
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6508
|
Target ID: |
1329
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6792
|
Target ID: |
1330
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7748
|
Target ID: |
1331
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7756
|
Target ID: |
1332
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7780
|
Target ID: |
1333
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7792
|
Target ID: |
1334
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7812
|
Target ID: |
1335
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
504
|
Target ID: |
1336
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7824
|
Target ID: |
1337
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7808
|
Target ID: |
1338
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7856
|
Target ID: |
1339
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7836
|
Target ID: |
1340
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7828
|
Target ID: |
1341
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7928
|
Target ID: |
1342
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7924
|
Target ID: |
1343
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:51
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1852
|
Target ID: |
1344
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6ec4b0000
|
Modulesize: |
28672
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7248
|
Target ID: |
1345
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7584
|
Target ID: |
1346
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7952
|
Target ID: |
1347
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7988
|
Target ID: |
1348
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7972
|
Target ID: |
1349
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7976
|
Target ID: |
1350
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8004
|
Target ID: |
1351
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8016
|
Target ID: |
1352
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8040
|
Target ID: |
1353
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8084
|
Target ID: |
1354
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
908
|
Target ID: |
1355
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8072
|
Target ID: |
1356
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7324
|
Target ID: |
1357
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8116
|
Target ID: |
1358
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8080
|
Target ID: |
1359
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8144
|
Target ID: |
1360
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8124
|
Target ID: |
1361
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8148
|
Target ID: |
1362
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8176
|
Target ID: |
1363
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8168
|
Target ID: |
1364
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5212
|
Target ID: |
1365
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:52
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7264
|
Target ID: |
1366
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2504
|
Target ID: |
1367
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3688
|
Target ID: |
1368
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6944
|
Target ID: |
1369
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2104
|
Target ID: |
1370
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1196
|
Target ID: |
1371
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7592
|
Target ID: |
1372
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
744
|
Target ID: |
1373
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5720
|
Target ID: |
1374
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6112
|
Target ID: |
1375
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7404
|
Target ID: |
1376
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7980
|
Target ID: |
1377
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7388
|
Target ID: |
1378
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3492
|
Target ID: |
1379
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5344
|
Target ID: |
1380
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1016
|
Target ID: |
1381
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4108
|
Target ID: |
1382
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3888
|
Target ID: |
1383
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2492
|
Target ID: |
1384
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2208
|
Target ID: |
1385
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5448
|
Target ID: |
1386
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7452
|
Target ID: |
1387
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7408
|
Target ID: |
1388
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4924
|
Target ID: |
1389
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:53
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3412
|
Target ID: |
1390
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7500
|
Target ID: |
1391
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
1392
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2488
|
Target ID: |
1393
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7512
|
Target ID: |
1394
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5952
|
Target ID: |
1395
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7520
|
Target ID: |
1396
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7492
|
Target ID: |
1397
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
1398
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6352
|
Target ID: |
1399
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6288
|
Target ID: |
1400
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6244
|
Target ID: |
1401
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6964
|
Target ID: |
1402
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6920
|
Target ID: |
1403
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6728
|
Target ID: |
1404
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1628
|
Target ID: |
1405
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5068
|
Target ID: |
1406
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1260
|
Target ID: |
1407
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7072
|
Target ID: |
1408
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
1409
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1144
|
Target ID: |
1410
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:54
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4088
|
Target ID: |
1411
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5904
|
Target ID: |
1412
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2792
|
Target ID: |
1413
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4364
|
Target ID: |
1414
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3720
|
Target ID: |
1415
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7236
|
Target ID: |
1416
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4420
|
Target ID: |
1417
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
512
|
Target ID: |
1418
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5324
|
Target ID: |
1419
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5600
|
Target ID: |
1420
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x800000
|
Modulesize: |
962560
|
Wow64: |
true
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7300
|
Target ID: |
1421
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5132
|
Target ID: |
1422
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5752
|
Target ID: |
1423
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3196
|
Target ID: |
1424
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2700
|
Target ID: |
1425
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5436
|
Target ID: |
1426
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7320
|
Target ID: |
1427
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:55
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5680
|
Target ID: |
1428
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5968
|
Target ID: |
1429
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5496
|
Target ID: |
1430
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1832
|
Target ID: |
1431
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5220
|
Target ID: |
1432
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3752
|
Target ID: |
1433
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
352
|
Target ID: |
1434
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2696
|
Target ID: |
1435
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3152
|
Target ID: |
1436
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2300
|
Target ID: |
1437
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1436
|
Target ID: |
1438
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3128
|
Target ID: |
1439
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7612
|
Target ID: |
1440
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6c34b0000
|
Modulesize: |
6152192
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3264
|
Target ID: |
1441
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
412
|
Target ID: |
1442
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3496
|
Target ID: |
1443
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:56
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1340
|
Target ID: |
1444
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5756
|
Target ID: |
1445
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1284
|
Target ID: |
1446
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4248
|
Target ID: |
1447
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5460
|
Target ID: |
1448
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3288
|
Target ID: |
1449
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1716
|
Target ID: |
1450
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1900
|
Target ID: |
1451
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6436
|
Target ID: |
1452
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3300
|
Target ID: |
1453
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4960
|
Target ID: |
1454
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2248
|
Target ID: |
1455
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1464
|
Target ID: |
1456
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4076
|
Target ID: |
1457
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6184
|
Target ID: |
1458
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2228
|
Target ID: |
1459
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6192
|
Target ID: |
1460
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3916
|
Target ID: |
1461
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
1462
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2324
|
Target ID: |
1463
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:57
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6372
|
Target ID: |
1464
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6408
|
Target ID: |
1465
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6456
|
Target ID: |
1466
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6484
|
Target ID: |
1467
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6464
|
Target ID: |
1468
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6600
|
Target ID: |
1469
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2076
|
Target ID: |
1470
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3104
|
Target ID: |
1471
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6676
|
Target ID: |
1472
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4304
|
Target ID: |
1473
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3992
|
Target ID: |
1474
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6748
|
Target ID: |
1475
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3900
|
Target ID: |
1476
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5804
|
Target ID: |
1477
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3716
|
Target ID: |
1478
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4564
|
Target ID: |
1479
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2496
|
Target ID: |
1480
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5332
|
Target ID: |
1481
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:58
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7024
|
Target ID: |
1482
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7064
|
Target ID: |
1483
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3612
|
Target ID: |
1484
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7096
|
Target ID: |
1485
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5380
|
Target ID: |
1486
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5272
|
Target ID: |
1487
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7684
|
Target ID: |
1488
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
940
|
Target ID: |
1489
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6472
|
Target ID: |
1490
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7736
|
Target ID: |
1491
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7716
|
Target ID: |
1492
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7720
|
Target ID: |
1493
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6412
|
Target ID: |
1494
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7712
|
Target ID: |
1495
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7556
|
Target ID: |
1496
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6904
|
Target ID: |
1497
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7744
|
Target ID: |
1498
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7764
|
Target ID: |
1499
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7776
|
Target ID: |
1500
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7796
|
Target ID: |
1501
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7768
|
Target ID: |
1502
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7800
|
Target ID: |
1503
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7620
|
Target ID: |
1504
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7860
|
Target ID: |
1505
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7896
|
Target ID: |
1506
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7916
|
Target ID: |
1507
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7956
|
Target ID: |
1508
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:38:59
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2136
|
Target ID: |
1509
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7260
|
Target ID: |
1510
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2828
|
Target ID: |
1511
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7256
|
Target ID: |
1512
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7588
|
Target ID: |
1513
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7960
|
Target ID: |
1514
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7984
|
Target ID: |
1515
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8028
|
Target ID: |
1516
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8044
|
Target ID: |
1517
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8024
|
Target ID: |
1518
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2476
|
Target ID: |
1519
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2044
|
Target ID: |
1520
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8068
|
Target ID: |
1521
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8112
|
Target ID: |
1522
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8132
|
Target ID: |
1523
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8116
|
Target ID: |
1524
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4556
|
Target ID: |
1525
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8156
|
Target ID: |
1526
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8172
|
Target ID: |
1527
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8176
|
Target ID: |
1528
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8188
|
Target ID: |
1529
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8184
|
Target ID: |
1530
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5124
|
Target ID: |
1531
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7020
|
Target ID: |
1532
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff71e800000
|
Modulesize: |
114688
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6880
|
Target ID: |
1533
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:00
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2664
|
Target ID: |
1534
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4456
|
Target ID: |
1535
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7268
|
Target ID: |
1536
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7440
|
Target ID: |
1537
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4548
|
Target ID: |
1538
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7364
|
Target ID: |
1539
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1028
|
Target ID: |
1540
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7316
|
Target ID: |
1541
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7980
|
Target ID: |
1542
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7388
|
Target ID: |
1543
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3492
|
Target ID: |
1544
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5344
|
Target ID: |
1545
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1352
|
Target ID: |
1546
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5916
|
Target ID: |
1547
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7432
|
Target ID: |
1548
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7400
|
Target ID: |
1549
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7460
|
Target ID: |
1550
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5716
|
Target ID: |
1551
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2724
|
Target ID: |
1552
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2288
|
Target ID: |
1553
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7496
|
Target ID: |
1554
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7504
|
Target ID: |
1555
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:01
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5500
|
Target ID: |
1556
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7500
|
Target ID: |
1557
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2212
|
Target ID: |
1558
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4856
|
Target ID: |
1559
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3156
|
Target ID: |
1560
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6220
|
Target ID: |
1561
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5624
|
Target ID: |
1562
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7180
|
Target ID: |
1563
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6104
|
Target ID: |
1564
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6968
|
Target ID: |
1565
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7148
|
Target ID: |
1566
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7132
|
Target ID: |
1567
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6852
|
Target ID: |
1568
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6992
|
Target ID: |
1569
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4132
|
Target ID: |
1570
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3812
|
Target ID: |
1571
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5852
|
Target ID: |
1572
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7072
|
Target ID: |
1573
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
1574
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5688
|
Target ID: |
1575
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7208
|
Target ID: |
1576
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:02
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4084
|
Target ID: |
1577
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3864
|
Target ID: |
1578
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2564
|
Target ID: |
1579
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4124
|
Target ID: |
1580
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3488
|
Target ID: |
1581
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5552
|
Target ID: |
1582
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7608
|
Target ID: |
1583
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2668
|
Target ID: |
1584
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4544
|
Target ID: |
1585
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4496
|
Target ID: |
1586
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1396
|
Target ID: |
1587
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6040
|
Target ID: |
1588
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2832
|
Target ID: |
1589
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6032
|
Target ID: |
1590
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5684
|
Target ID: |
1591
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4484
|
Target ID: |
1592
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1816
|
Target ID: |
1593
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3520
|
Target ID: |
1594
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3552
|
Target ID: |
1595
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3980
|
Target ID: |
1596
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3328
|
Target ID: |
1597
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5312
|
Target ID: |
1598
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7476
|
Target ID: |
1599
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2932
|
Target ID: |
1600
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:03
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4428
|
Target ID: |
1601
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3260
|
Target ID: |
1602
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5052
|
Target ID: |
1603
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1992
|
Target ID: |
1604
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4812
|
Target ID: |
1605
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3940
|
Target ID: |
1606
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4480
|
Target ID: |
1607
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2848
|
Target ID: |
1608
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3496
|
Target ID: |
1609
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1340
|
Target ID: |
1610
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5756
|
Target ID: |
1611
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1640
|
Target ID: |
1612
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5828
|
Target ID: |
1613
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2020
|
Target ID: |
1614
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4080
|
Target ID: |
1615
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4520
|
Target ID: |
1616
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1784
|
Target ID: |
1617
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5084
|
Target ID: |
1618
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4908
|
Target ID: |
1619
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2248
|
Target ID: |
1620
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1464
|
Target ID: |
1621
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:04
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4076
|
Target ID: |
1622
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6184
|
Target ID: |
1623
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2228
|
Target ID: |
1624
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6192
|
Target ID: |
1625
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3916
|
Target ID: |
1626
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2024
|
Target ID: |
1627
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2324
|
Target ID: |
1628
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6372
|
Target ID: |
1629
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6408
|
Target ID: |
1630
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6456
|
Target ID: |
1631
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6484
|
Target ID: |
1632
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6464
|
Target ID: |
1633
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6600
|
Target ID: |
1634
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2076
|
Target ID: |
1635
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3104
|
Target ID: |
1636
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6664
|
Target ID: |
1637
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6700
|
Target ID: |
1638
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5080
|
Target ID: |
1639
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
736
|
Target ID: |
1640
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:05
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5232
|
Target ID: |
1641
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6796
|
Target ID: |
1642
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5292
|
Target ID: |
1643
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6840
|
Target ID: |
1644
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2496
|
Target ID: |
1645
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5332
|
Target ID: |
1646
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7024
|
Target ID: |
1647
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7064
|
Target ID: |
1648
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3612
|
Target ID: |
1649
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7704
|
Target ID: |
1650
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7060
|
Target ID: |
1651
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6416
|
Target ID: |
1652
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6296
|
Target ID: |
1653
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6588
|
Target ID: |
1654
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6492
|
Target ID: |
1655
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6336
|
Target ID: |
1656
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7724
|
Target ID: |
1657
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7760
|
Target ID: |
1658
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6636
|
Target ID: |
1659
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7752
|
Target ID: |
1660
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7784
|
Target ID: |
1661
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7804
|
Target ID: |
1662
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:06
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7848
|
Target ID: |
1663
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7820
|
Target ID: |
1664
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7868
|
Target ID: |
1665
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7884
|
Target ID: |
1666
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7852
|
Target ID: |
1667
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7880
|
Target ID: |
1668
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7836
|
Target ID: |
1669
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7828
|
Target ID: |
1670
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7928
|
Target ID: |
1671
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7940
|
Target ID: |
1672
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7892
|
Target ID: |
1673
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7248
|
Target ID: |
1674
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3384
|
Target ID: |
1675
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5868
|
Target ID: |
1676
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff71e800000
|
Modulesize: |
114688
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7952
|
Target ID: |
1677
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7996
|
Target ID: |
1678
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7972
|
Target ID: |
1679
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7992
|
Target ID: |
1680
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8064
|
Target ID: |
1681
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8056
|
Target ID: |
1682
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2260
|
Target ID: |
1683
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4824
|
Target ID: |
1684
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3052
|
Target ID: |
1685
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
404
|
Target ID: |
1686
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4008
|
Target ID: |
1687
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7324
|
Target ID: |
1688
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:07
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8080
|
Target ID: |
1689
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1648
|
Target ID: |
1690
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8144
|
Target ID: |
1691
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8160
|
Target ID: |
1692
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
8148
|
Target ID: |
1693
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5168
|
Target ID: |
1694
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5796
|
Target ID: |
1695
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5480
|
Target ID: |
1696
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7699e0000
|
Modulesize: |
892928
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3352
|
Target ID: |
1697
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7264
|
Target ID: |
1698
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7252
|
Target ID: |
1699
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:08
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5648
|
Target ID: |
1700
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7020
|
Target ID: |
1701
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1276
|
Target ID: |
1702
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6880
|
Target ID: |
1703
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4456
|
Target ID: |
1704
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7268
|
Target ID: |
1705
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2264
|
Target ID: |
1706
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1544
|
Target ID: |
1707
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3060
|
Target ID: |
1708
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7336
|
Target ID: |
1709
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7360
|
Target ID: |
1710
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3596
|
Target ID: |
1711
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1028
|
Target ID: |
1712
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1400
|
Target ID: |
1713
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
928
|
Target ID: |
1714
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2200
|
Target ID: |
1715
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4128
|
Target ID: |
1716
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2948
|
Target ID: |
1717
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2308
|
Target ID: |
1718
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1928
|
Target ID: |
1719
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6976
|
Target ID: |
1720
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4028
|
Target ID: |
1721
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2336
|
Target ID: |
1722
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3232
|
Target ID: |
1723
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:09
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5304
|
Target ID: |
1724
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff6eef20000
|
Modulesize: |
65536
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1908
|
Target ID: |
1725
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1016
|
Target ID: |
1726
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4108
|
Target ID: |
1727
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2360
|
Target ID: |
1728
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7448
|
Target ID: |
1729
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7436
|
Target ID: |
1730
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6368
|
Target ID: |
1731
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5448
|
Target ID: |
1732
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2804
|
Target ID: |
1733
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7456
|
Target ID: |
1734
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3008
|
Target ID: |
1735
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2288
|
Target ID: |
1736
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7496
|
Target ID: |
1737
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7540
|
Target ID: |
1738
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7532
|
Target ID: |
1739
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7528
|
Target ID: |
1740
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7524
|
Target ID: |
1741
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4904
|
Target ID: |
1742
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5952
|
Target ID: |
1743
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7520
|
Target ID: |
1744
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6916
|
Target ID: |
1745
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7128
|
Target ID: |
1746
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3340
|
Target ID: |
1747
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2648
|
Target ID: |
1748
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff71e800000
|
Modulesize: |
114688
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7144
|
Target ID: |
1749
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6660
|
Target ID: |
1750
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3476
|
Target ID: |
1751
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4012
|
Target ID: |
1752
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6920
|
Target ID: |
1753
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3648
|
Target ID: |
1754
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:11
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6992
|
Target ID: |
1755
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7116
|
Target ID: |
1756
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2656
|
Target ID: |
1757
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5068
|
Target ID: |
1758
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
636
|
Target ID: |
1759
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2944
|
Target ID: |
1760
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff71e800000
|
Modulesize: |
114688
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1712
|
Target ID: |
1761
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1748
|
Target ID: |
1762
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3760
|
Target ID: |
1763
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7564
|
Target ID: |
1764
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4084
|
Target ID: |
1765
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3864
|
Target ID: |
1766
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5016
|
Target ID: |
1767
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5596
|
Target ID: |
1768
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4124
|
Target ID: |
1769
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7236
|
Target ID: |
1770
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7188
|
Target ID: |
1771
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5552
|
Target ID: |
1772
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:12
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7608
|
Target ID: |
1773
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4264
|
Target ID: |
1774
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5284
|
Target ID: |
1775
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7300
|
Target ID: |
1776
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1892
|
Target ID: |
1777
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1396
|
Target ID: |
1778
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7376
|
Target ID: |
1779
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3196
|
Target ID: |
1780
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5184
|
Target ID: |
1781
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5572
|
Target ID: |
1782
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4312
|
Target ID: |
1783
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4048
|
Target ID: |
1784
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5968
|
Target ID: |
1785
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:13
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5576
|
Target ID: |
1786
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1832
|
Target ID: |
1787
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
796
|
Target ID: |
1788
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7372
|
Target ID: |
1789
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5312
|
Target ID: |
1790
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
7476
|
Target ID: |
1791
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2932
|
Target ID: |
1792
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4428
|
Target ID: |
1793
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3368
|
Target ID: |
1794
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5884
|
Target ID: |
1795
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5860
|
Target ID: |
1796
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff693ab0000
|
Modulesize: |
516096
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2148
|
Target ID: |
1797
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3128
|
Target ID: |
1798
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3828
|
Target ID: |
1799
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4812
|
Target ID: |
1800
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3940
|
Target ID: |
1801
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4480
|
Target ID: |
1802
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5376
|
Target ID: |
1803
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6116
|
Target ID: |
1804
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1284
|
Target ID: |
1805
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4248
|
Target ID: |
1806
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:14
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3176
|
Target ID: |
1807
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2924
|
Target ID: |
1808
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2020
|
Target ID: |
1809
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1548
|
Target ID: |
1810
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1900
|
Target ID: |
1811
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1516
|
Target ID: |
1812
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
3300
|
Target ID: |
1813
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6172
|
Target ID: |
1814
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6180
|
Target ID: |
1815
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2248
|
Target ID: |
1816
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
1464
|
Target ID: |
1817
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
4076
|
Target ID: |
1818
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
6184
|
Target ID: |
1819
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\cmd.exe
|
cmd /c
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
2228
|
Target ID: |
1820
|
Parent PID: |
980
|
Name: |
cmd.exe
|
Class: |
cmd
|
Path: |
C:\Windows\System32\cmd.exe
|
Commandline: |
cmd /c
|
Size: |
289792
|
MD5: |
8A2122E8162DBEF04694B9C3E0B6CDEE
|
Time: |
16:39:15
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
timeout
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff675fd0000
|
Modulesize: |
421888
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Sigma detected: Cmd.EXE Missing Space Characters Execution Anomaly |
System Summary |
|
Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
Spawns processes |
System Summary |
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
Is windows: |
true
|
Is dropped: |
false
|
PID: |
5848
|
Target ID: |
1
|
Parent PID: |
980
|
Name: |
conhost.exe
|
Path: |
C:\Windows\System32\conhost.exe
|
Commandline: |
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Size: |
862208
|
MD5: |
0D698AF330FD17BEE3BF90011D49251D
|
Time: |
16:37:10
|
Date: |
01/08/2024
|
Reason: |
newprocess
|
Reputation: |
high
|
Is admin: |
true
|
Is elevated: |
true
|
Modulebase: |
0x7ff7699e0000
|
Modulesize: |
892928
|
Wow64: |
false
|
Signature Hits |
Behavior Group |
Mitre Attack |
|
Spawns processes |
System Summary |
|
|