Lolbas OneDriveStandaloneUpdater.exe Proxy Download (3aff0be0-7802-4a7e-a4fa-c60c74bc5e1d)
Detects setting a custom URL for OneDriveStandaloneUpdater.exe to download a file from the Internet without executing any anomalous executables with suspicious arguments. The downloaded file will be in C:\Users\redacted\AppData\Local\Microsoft\OneDrive\StandaloneUpdaterreSignInSettingsConfig.json
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Lolbas OneDriveStandaloneUpdater.exe Proxy Download (3aff0be0-7802-4a7e-a4fa-c60c74bc5e1d) | Sigma-Rules | Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) | Attack Pattern | 1 |