Execute MSDT Via Answer File (9c8c7000-3065-44a8-a555-79bcba5d9955)
Detects execution of "msdt.exe" using an answer file, which simulates the legitimate way of calling msdt via "pcwrun.exe" (for example, from the compatibility tab).
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Execute MSDT Via Answer File (9c8c7000-3065-44a8-a555-79bcba5d9955) | Sigma-Rules | 1 |