
Suspicious New Service Creation (17a1be64-8d88-40bf-b5ff-a4f7a50ebcc8)

Detects creation of a new service via the "sc" command or the PowerShell "New-Service" cmdlet with suspicious binary paths.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | Suspicious New Service Creation (17a1be64-8d88-40bf-b5ff-a4f7a50ebcc8) | Sigma-Rules | 1 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 2 |