Synopsis

| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | |
| Detector Tags | Generic Persistence Analytics |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
A Windows system binary executed an uncommon executable during an early startup stage.
Attacker's Goals
- Attackers aim to establish persistence so that they can continue operating even after a reboot.
Investigative actions
- Check if the Causality Group Owner (CGO) has a related persistence mechanism that may have been abused by an attacker.
Variations
- Execution of an uncommon process at an early startup stage by Windows system binary with suspicious characteristics
- Execution of an uncommon process at an early startup stage by Windows system binary with uncommon characteristics
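The detection described above, as an added example that is not the analytics engine's own implementation: it learns which (parent, child) pairs are normal during early startup over the 30-day training period, then alerts when a Windows system binary spawns a child never seen in that baseline, suppressing repeats for the 1-day deduplication period. The 120-second "early startup" window, the set of system binaries and the sample events are this example's assumptions.

```python
from datetime import datetime, timedelta

# Assumed parameters: this example's choices, not the product's exact thresholds.
TRAINING_PERIOD = timedelta(days=30)
DEDUP_PERIOD = timedelta(days=1)
EARLY_STARTUP_SECONDS = 120  # assumed: process started within 2 minutes of boot
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "wininit.exe", "winlogon.exe", "userinit.exe"}


def build_baseline(events, training_end):
    """Collect (parent, child) pairs observed in early startup during the training period."""
    return {(e["parent"], e["child"]) for e in events
            if e["ts"] < training_end and e["uptime_s"] <= EARLY_STARTUP_SECONDS}


def detect(events, first_seen):
    """Return (host, parent, child) alerts for early-startup children of Windows system
    binaries that were not seen during training; identical alerts within DEDUP_PERIOD
    are suppressed."""
    training_end = first_seen + TRAINING_PERIOD
    baseline = build_baseline(events, training_end)
    last_alert, alerts = {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ts"] < training_end or e["uptime_s"] > EARLY_STARTUP_SECONDS:
            continue  # still training, or not an early-startup execution
        if e["parent"].lower() not in SYSTEM_BINARIES:
            continue  # parent is not a Windows system binary
        if (e["parent"], e["child"]) in baseline:
            continue  # common during early startup, nothing to report
        key = (e["host"], e["parent"], e["child"])
        prev = last_alert.get(key)
        if prev is not None and e["ts"] - prev < DEDUP_PERIOD:
            continue  # deduplicated: same alert raised within the last day
        last_alert[key] = e["ts"]
        alerts.append(key)
    return alerts


T0 = datetime(2024, 1, 1)


def day(n, hours=0):
    return T0 + timedelta(days=n, hours=hours)


SAMPLE_EVENTS = [  # constructed process-start events, not real telemetry
    dict(ts=day(1), host="ws1", parent="services.exe", child="svchost.exe", uptime_s=5),
    dict(ts=day(2), host="ws1", parent="winlogon.exe", child="userinit.exe", uptime_s=9),
    dict(ts=day(35), host="ws1", parent="services.exe", child="svchost.exe", uptime_s=6),
    dict(ts=day(35), host="ws1", parent="winlogon.exe", child="updater.exe", uptime_s=20),
    dict(ts=day(35, 2), host="ws1", parent="winlogon.exe", child="updater.exe", uptime_s=15),
    dict(ts=day(36, 3), host="ws1", parent="winlogon.exe", child="updater.exe", uptime_s=15),
    dict(ts=day(35), host="ws1", parent="explorer.exe", child="updater.exe", uptime_s=600),
]

if __name__ == "__main__":
    for host, parent, child in detect(SAMPLE_EVENTS, T0):
        print(f"ALERT host={host} parent={parent} child={child}")
```

On the sample data the first `updater.exe` launch on day 35 alerts, the repeat two hours later is deduplicated, and the launch on day 36 alerts again because more than one day has passed.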