Execution via WorkFolders.exe (0bbc6369-43e3-453d-9944-cae58821c173)
Detects using WorkFolders.exe to execute an arbitrary control.exe
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Execution via WorkFolders.exe (0bbc6369-43e3-453d-9944-cae58821c173) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |