Skip to content

Hide Navigation Hide TOC

Renamed BrowserCore.EXE Execution (8a4519e8-e64a-40b6-ae85-ba8ad2177559)

Detects process creation with a renamed BrowserCore.exe (used to extract Azure tokens)

Cluster A Galaxy A Cluster B Galaxy B Level
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Renamed BrowserCore.EXE Execution (8a4519e8-e64a-40b6-ae85-ba8ad2177559) Sigma-Rules 1
Renamed BrowserCore.EXE Execution (8a4519e8-e64a-40b6-ae85-ba8ad2177559) Sigma-Rules Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) Attack Pattern 1
Rename System Utilities - T1036.003 (bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b) Attack Pattern Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) Attack Pattern 2