Use of Pcalua For Execution (0955e4e1-c281-4fb9-9ee1-5ee7b4b754d2)
Detects execition of commands and binaries from the context of The program compatibility assistant (Pcalua.exe). This can be used as a LOLBIN in order to bypass application whitelisting.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Use of Pcalua For Execution (0955e4e1-c281-4fb9-9ee1-5ee7b4b754d2) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |