Conhost Spawned By Uncommon Parent Process (cbb9e3d1-2386-4e59-912e-62f1484f7a89)
Detects when the Console Window Host (conhost.exe) process is spawned by an uncommon parent process, which could be indicative of potential code injection activity.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Conhost Spawned By Uncommon Parent Process (cbb9e3d1-2386-4e59-912e-62f1484f7a89) | Sigma-Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |