Network Connection Initiated Via Notepad.EXE (e81528db-fc02-45e8-8e98-4e84aba1f10b)
Detects a network connection initiated by the "notepad.exe" process. This might be a sign of process injection from a beacon process or something similar. Notepad rarely initiates network communication, except, for example, when printing documents.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Network Connection Initiated Via Notepad.EXE (e81528db-fc02-45e8-8e98-4e84aba1f10b) | Sigma-Rules | 1 |