<<< Hide Navigation Hide TOC >>>
Renamed Gpg.EXE Execution (ec0722a3-eb5c-4a56-8ab2-bf6f20708592)
Detects the execution of a renamed "gpg.exe". Often used by ransomware and loaders to decrypt/encrypt data.
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Renamed Gpg.EXE Execution (ec0722a3-eb5c-4a56-8ab2-bf6f20708592) | Sigma-Rules | 1 |