Suspicious Rundll32 Invoking Inline VBScript (1cc50f3f-1fc8-4acf-b2e9-6f172e1fdebd)
Detects suspicious process related to rundll32 based on command line that invokes inline VBScript as seen being used by UNC2452
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Suspicious Rundll32 Invoking Inline VBScript (1cc50f3f-1fc8-4acf-b2e9-6f172e1fdebd) | Sigma-Rules | 1 |