Hide Navigation Hide TOC Suspicious MsiExec Embedding Parent (4a2a2c3e-209f-4d01-b513-4155a540b469) Adversaries may abuse msiexec.exe to proxy the execution of malicious payloads Cluster A Galaxy A Cluster B Galaxy B Level Suspicious MsiExec Embedding Parent (4a2a2c3e-209f-4d01-b513-4155a540b469) Sigma-Rules Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 1 System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 2