Skip to content

Hide Navigation Hide TOC

Potentially Suspicious Child Process Of VsCode (5a3164f2-b373-4152-93cf-090b13c12d27)

Detects uncommon or suspicious child processes spawning from a VsCode "code.exe" process. This could indicate an attempt of persistence via VsCode tasks or terminal profiles.

Cluster A Galaxy A Cluster B Galaxy B Level
Potentially Suspicious Child Process Of VsCode (5a3164f2-b373-4152-93cf-090b13c12d27) Sigma-Rules Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) Attack Pattern 1
Potentially Suspicious Child Process Of VsCode (5a3164f2-b373-4152-93cf-090b13c12d27) Sigma-Rules System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 1