Renamed Gpg.EXE Execution (ec0722a3-eb5c-4a56-8ab2-bf6f20708592)
Detects the execution of a renamed "gpg.exe". Often used by ransomware and loaders to decrypt/encrypt data.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Renamed Gpg.EXE Execution (ec0722a3-eb5c-4a56-8ab2-bf6f20708592) | Sigma-Rules | 1 |