Elevated System Shell Spawned From Uncommon Parent Location (178e615d-e666-498b-9630-9ed363038101)

Detects when a shell program such as the Windows command prompt or PowerShell is launched with system privileges from an uncommon parent location.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Elevated System Shell Spawned From Uncommon Parent Location (178e615d-e666-498b-9630-9ed363038101) | Sigma-Rules | 1 |