Suspect Svchost Activity (16c37b52-b141-42a5-a3ea-bbe098444397)
It is extremely abnormal for svchost.exe to spawn without any CLI arguments. This is normally observed when a malicious process spawns svchost.exe and injects code into its memory space.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Suspect Svchost Activity (16c37b52-b141-42a5-a3ea-bbe098444397) | Sigma-Rules | 1 |