Renamed ProcDump Execution (4a0b2c7e-7cb2-495d-8b63-5f268e7bfd67)

Detects the execution of a renamed ProcDump executable. This often done by attackers or malware in order to evade defensive mechanisms.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Renamed ProcDump Execution (4a0b2c7e-7cb2-495d-8b63-5f268e7bfd67)	Sigma-Rules	Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	1
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2