Renamed NirCmd.EXE Execution (264982dc-dbad-4dce-b707-1e0d3e0f73d9)

Detects the execution of a renamed "NirCmd.exe" binary based on the PE metadata fields.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Renamed NirCmd.EXE Execution (264982dc-dbad-4dce-b707-1e0d3e0f73d9) | Sigma-Rules | 1 |
| Renamed NirCmd.EXE Execution (264982dc-dbad-4dce-b707-1e0d3e0f73d9) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |