Skip to content

Hide Navigation Hide TOC

Suspicious Binary In User Directory Spawned From Office Application (aa3a6f94-890e-4e22-b634-ffdfd54792cc)

Detects an executable in the users directory started from one of the Microsoft Office suite applications (Word, Excel, PowerPoint, Publisher, Visio)

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Binary In User Directory Spawned From Office Application (aa3a6f94-890e-4e22-b634-ffdfd54792cc) Sigma-Rules Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Malicious File - T1204.002 (232b7f21-adf9-4b42-b936-b9d6f7df856e) Attack Pattern 2