Potential Defense Evasion Via Binary Rename (36480ae1-a1cb-4eaa-a0d6-29801d7e9142)

Detects the execution of a renamed binary often used by attackers or malware leveraging new Sysmon OriginalFileName datapoint.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Potential Defense Evasion Via Binary Rename (36480ae1-a1cb-4eaa-a0d6-29801d7e9142)	Sigma-Rules	1
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2