Execution via cmstp.exe¶
Identifies potentially stealthy execution via the Microsoft Connection Manager Profile Installer.
id: | 56c64a8c-a787-488a-a7f2-b992d332679d |
---|---|
categories: | enrich |
confidence: | low |
os: | windows |
created: | 7/26/2019 |
updated: | 7/26/2019 |
MITRE ATT&CK™ Mapping¶
tactics: | Defense Evasion, Execution |
---|---|
techniques: | T1191 CMSTP |
Query¶
process where subtype.create and
process_name == "cmstp.exe" and
command_line == "* /s *"