Skip to content

Hide Navigation Hide TOC

Suspicious MsiExec Embedding Parent (4a2a2c3e-209f-4d01-b513-4155a540b469)

Adversaries may abuse msiexec.exe to proxy the execution of malicious payloads

Cluster A Galaxy A Cluster B Galaxy B Level
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern Suspicious MsiExec Embedding Parent (4a2a2c3e-209f-4d01-b513-4155a540b469) Sigma-Rules 1
Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2