Lolbin Unregmp2.exe Use As Proxy (727454c0-d851-48b0-8b89-385611ab0704)
Detect usage of the "unregmp2.exe" binary as a proxy to launch a custom version of "wmpnscfg.exe"
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Lolbin Unregmp2.exe Use As Proxy (727454c0-d851-48b0-8b89-385611ab0704) | Sigma-Rules | 1 |