PUA - AdvancedRun Suspicious Execution (fa00b701-44c6-4679-994d-5a18afa8a707)

Detects the execution of the AdvancedRun utility in the context of the TrustedInstaller, SYSTEM, Local Service or Network Service accounts.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) | Attack Pattern | PUA - AdvancedRun Suspicious Execution (fa00b701-44c6-4679-994d-5a18afa8a707) | Sigma-Rules | 1 |
| Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) | Attack Pattern | Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | 2 |