Potentially Suspicious Child Processes Spawned by ConHost (dfa03a09-8b92-4d83-8e74-f72839b1c407)

Detects suspicious child processes related to Windows Shell utilities spawned by conhost.exe, which could indicate malicious activity using trusted system components.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Potentially Suspicious Child Processes Spawned by ConHost (dfa03a09-8b92-4d83-8e74-f72839b1c407) | Sigma-Rules | 1 |
| Potentially Suspicious Child Processes Spawned by ConHost (dfa03a09-8b92-4d83-8e74-f72839b1c407) | Sigma-Rules | Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | 1 |