<<< Hide Navigation Hide TOC >>>
Sysinternals PsSuspend Suspicious Execution (4beb6ae0-f85b-41e2-8f18-8668abc8af78)
Detects suspicious execution of Sysinternals PsSuspend, where the utility is used to suspend critical processes such as AV or EDR to bypass defenses
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
Sysinternals PsSuspend Suspicious Execution (4beb6ae0-f85b-41e2-8f18-8668abc8af78) | Sigma-Rules | Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | 1 |
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579) | Attack Pattern | 2 |