Skip to content

Hide Navigation Hide TOC

Uncommon Service Installation Image Path (26481afe-db26-4228-b264-25a29fe6efc7)

Detects uncommon service installation commands by looking at suspicious or uncommon image path values containing references to encoded powershell commands, temporary paths, etc.

Cluster A Galaxy A Cluster B Galaxy B Level
Uncommon Service Installation Image Path (26481afe-db26-4228-b264-25a29fe6efc7) Sigma-Rules Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2