Uncommon Child Process Of Setres.EXE (835e75bf-4bfd-47a4-b8a6-b766cac8bcb7)

Detects an uncommon child process of Setres.EXE. Setres.EXE is a Windows Server-only tool that can be used to set the screen resolution. It can potentially be abused to launch any arbitrary file with a name containing the word "choice" from the current execution path.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Uncommon Child Process Of Setres.EXE (835e75bf-4bfd-47a4-b8a6-b766cac8bcb7) | Sigma-Rules | 1 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Uncommon Child Process Of Setres.EXE (835e75bf-4bfd-47a4-b8a6-b766cac8bcb7) | Sigma-Rules | 1 |
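The check described above can be sketched as a triage function over process-creation events. This is an added example, not the Sigma rule's own logic: the `Image`/`ParentImage` field names follow Sysmon Event ID 1, the allow-list of system `choice.exe` paths is an assumption about the expected child, and the sample events are constructed.

```python
import ntpath

# Assumption: the only expected "choice" child is the OS copy in these directories.
EXPECTED_CHILDREN = {
    r"c:\windows\system32\choice.exe",
    r"c:\windows\syswow64\choice.exe",
}

def is_uncommon_setres_child(event):
    """True when setres.exe spawned a 'choice'-named image outside the expected paths."""
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    # normpath collapses '..' and mixed separators so the allow-list
    # comparison is made on the path that actually resolves.
    image = ntpath.normpath(event.get("Image", "")).lower()
    if parent != "setres.exe":
        return False
    if "choice" not in ntpath.basename(image):
        return False
    return image not in EXPECTED_CHILDREN

def triage(events):
    """Return the events that warrant analyst review."""
    return [e for e in events if is_uncommon_setres_child(e)]

# Constructed sample events (not taken from real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\setres.exe",
     "Image": r"C:\Windows\System32\choice.exe"},        # expected child
    {"ParentImage": r"C:\Windows\System32\setres.exe",
     "Image": r"C:\Users\Public\choice.exe"},            # uncommon location
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Users\Public\choice.exe"},            # different parent
    {"ParentImage": r"C:\Windows\System32\SETRES.EXE",
     "Image": r"C:\Windows\System32\..\Temp\CHOICE.EXE"},  # resolves outside System32
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("review:", hit["ParentImage"], "->", hit["Image"])
```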