Suspicious Process Created Via Wmic.EXE (3c89a1e8-0fba-449e-8f1b-8409d6267ec8)
Detects WMIC executing "process call create" with suspicious calls to processes such as "rundll32", "regsvr32", etc.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Suspicious Process Created Via Wmic.EXE (3c89a1e8-0fba-449e-8f1b-8409d6267ec8) | Sigma-Rules | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |