Suspicious Process Masquerading As SvcHost.EXE (be58d2e2-06c8-4f58-b666-b99f6dc3b6cd)

Detects a suspicious process that is masquerading as the legitimate "svchost.exe" by naming its binary "svchost.exe" and executing from an uncommon location. Adversaries often disguise their malicious binaries by naming them after legitimate system processes like "svchost.exe" to evade detection.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Process Masquerading As SvcHost.EXE (be58d2e2-06c8-4f58-b666-b99f6dc3b6cd) | Sigma-Rules | Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 1 |
| Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | 2 |