security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update proc_creation_win_rundll32_parent_explorer.yml

Browse Source
This commit is contained in:
CD-R0M
2022-05-22 15:21:41 -04:00
parent 1e728d9598
commit e9976bc3db
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_rundll32_parent_explorer.yml
+2
View File
@@ -12,6 +12,8 @@ detection:
selection:
Image|endswith: '\rundll32.exe'
ParentImage|endswith: '\explorer.exe'
filter:
CommandLine|contains: '\shell32.dll,OpenAs_RunDLL'
condition: selection
fields:
- Image