Potential Process Injection Via Msra.EXE (744a188b-0415-4792-896f-11ddb0588dbc)
Detects potential process injection via Microsoft Remote Asssistance (Msra.exe) by looking at suspicious child processes spawned from the aforementioned process. It has been a target used by many threat actors and used for discovery and persistence tactics
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Potential Process Injection Via Msra.EXE (744a188b-0415-4792-896f-11ddb0588dbc) | Sigma-Rules | 1 |