Uncommon Child Process Of Conhost.EXE (7dc2dedd-7603-461a-bc13-15803d132355)
Detects uncommon "conhost" child processes. This could be a sign of "conhost" usage as a LOLBIN or potential process injection activity.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Uncommon Child Process Of Conhost.EXE (7dc2dedd-7603-461a-bc13-15803d132355) | Sigma-Rules | 1 |