Potentially Suspicious Child Process Of DiskShadow.EXE (9f546b25-5f12-4c8d-8532-5893dcb1e4b8)
Detects potentially suspicious child processes of "Diskshadow.exe". This could be an attempt to bypass parent/child relationship detection or application whitelisting rules.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Potentially Suspicious Child Process Of DiskShadow.EXE (9f546b25-5f12-4c8d-8532-5893dcb1e4b8) | Sigma-Rules | 1 |