Execution via cmstp.exe¶

Identifies potentially stealthy execution via the Microsoft Connection Manager Profile Installer.

id:	56c64a8c-a787-488a-a7f2-b992d332679d
categories:	enrich
confidence:	low
os:	windows
created:	7/26/2019
updated:	7/26/2019

MITRE ATT&CK™ Mapping¶

tactics:	Defense Evasion, Execution
techniques:	T1191 CMSTP

Query¶

process where subtype.create and
  process_name == "cmstp.exe" and
  command_line == "* /s *"

Contributors¶

Endgame

Read the Docs v: latest

Versions: latest

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.