Uncommon Sigverif.EXE Child Process (7d4aaec2-08ed-4430-8b96-28420e030e04)
Detects uncommon child processes spawning from "sigverif.exe", which could indicate potential abuse of the latter as a living of the land binary in order to proxy execution.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Uncommon Sigverif.EXE Child Process (7d4aaec2-08ed-4430-8b96-28420e030e04) | Sigma-Rules | System Script Proxy Execution - T1216 (f6fe9070-7a65-49ea-ae72-76292f42cebe) | Attack Pattern | 1 |