From 11ce8a1e5b4ebcb3ea38c834ff8c2cdbf55f86c8 Mon Sep 17 00:00:00 2001 From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> Date: Tue, 15 Nov 2022 22:56:51 +0100 Subject: [PATCH] fix: deprecate 5f113a8f-8b61-41ca-b90f-d374fa7e4a39 --- .../windows}/proc_access_win_in_memory_assembly_execution.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename {rules/windows/process_access => rules-deprecated/windows}/proc_access_win_in_memory_assembly_execution.yml (99%) diff --git a/rules/windows/process_access/proc_access_win_in_memory_assembly_execution.yml b/rules-deprecated/windows/proc_access_win_in_memory_assembly_execution.yml similarity index 99% rename from rules/windows/process_access/proc_access_win_in_memory_assembly_execution.yml rename to rules-deprecated/windows/proc_access_win_in_memory_assembly_execution.yml index 418d82b29..d77205532 100644 --- a/rules/windows/process_access/proc_access_win_in_memory_assembly_execution.yml +++ b/rules-deprecated/windows/proc_access_win_in_memory_assembly_execution.yml @@ -1,6 +1,6 @@ title: Suspicious In-Memory Module Execution id: 5f113a8f-8b61-41ca-b90f-d374fa7e4a39 -status: experimental +status: deprecated description: | Detects the access to processes by other suspicious processes which have reflectively loaded libraries in their memory space. An example is SilentTrinity C2 behaviour. Generally speaking, when Sysmon EventID 10 cannot reference a stack call to a dll loaded from disk (the standard way),
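Review bot: the hunk flips `status: experimental` to `status: deprecated` and the rename moves the file under `rules-deprecated/windows/`, but neither the commit message ("fix: deprecate 5f113a8f-...") nor the visible part of the rule records why the rule is being retired or what, if anything, supersedes it. Consider bumping the rule's `modified:` date and adding a short note to the `description:` block (e.g. a sentence after "An example is SilentTrinity C2 behaviour." stating the deprecation reason and the replacement rule id, if one exists), so that consumers who still have this Sysmon EventID 10 rule deployed can tell whether to drop it or migrate.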