An unsigned process created scheduled task and performed an injection

Cortex XSIAM Analytics Alert Reference by Alert name
Product
Cortex XSIAM
Last date published
2026-05-10
Category
Analytics Alert Reference
Index by
Alert name

Synopsis

Activation Period

14 Days

Training Period

30 Days

Test Period

4 Hours

Deduplication Period

1 Day

Required Data

  • Requires:
    • XDR Agent

Detection Modules

Detector Tags

Scheduled tasks Analytics

ATT&CK Tactic

ATT&CK Technique

Severity

Medium

Description

An unsigned process created scheduled task and performed an injection.

Attacker's Goals

To ensure they have persistence on the system, the threat actor may use scheduled tasks to set persistence, Then, to avoid detection and carry out stealth execution, they may inject a malicious payload into a remote process.

Investigative actions

  • Investigate the injection payload and the injection process.
  • Check if the scheduled task trigger payload is malicious.

Variations

Possible an unsigned installer created scheduled task and performed an injection

Synopsis

ATT&CK Tactic

ATT&CK Technique

Severity

Low

Description

Possible an unsigned installer created scheduled task and performed an injection.

Attacker's Goals

To ensure they have persistence on the system, the threat actor may use scheduled tasks to set persistence, Then, to avoid detection and carry out stealth execution, they may inject a malicious payload into a remote process.

Investigative actions

  • Investigate the injection payload and the injection process.
  • Check if the scheduled task trigger payload is malicious.