Suspicious Calculator Usage (737e618a-a410-49b5-bec3-9e55ff7fbc15)
Detects suspicious use of 'calc.exe' with command line parameters or in a suspicious directory, which is likely caused by some PoC or detection evasion.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | Suspicious Calculator Usage (737e618a-a410-49b5-bec3-9e55ff7fbc15) | Sigma-Rules | 1 |