Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | |
| Detector Tags | Malicious Service Analytics |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
Services were affected by a non-SYSTEM integrity level process.
Attacker's Goals
Escalate privileges to SYSTEM and execute commands.
Investigative actions
Investigate the service being spawned on the host for malicious activities.
Variations
Elevation to SYSTEM via service creation
Elevation to SYSTEM via service modification