Executables Or Script Creation In Suspicious Path

Description

This analytic identifies executables or scripts (matched by known file extensions) created in a list of suspicious file paths on Windows. Adversaries use this technique to evade detection. The suspicious file paths are ones known to be used in the wild, and it is not common for them to contain executables or scripts.

Help

To successfully implement this search, you need to ingest information on processes, including the name of the process responsible for the changes, from your endpoints into the Endpoint datamodel in the Filesystem node.
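The matching logic described above, sketched as an added example (not the analytic's own search): it flags file-creation events whose name has an executable or script extension and whose path falls under a watched directory. The extension list, the path patterns, the sample events and the function names are assumptions made for illustration; the field names follow the Endpoint Filesystem node (`dest`, `action`, `file_name`, `file_path`).

```python
from fnmatch import fnmatchcase

# Assumed lists: the page does not enumerate its extensions or paths.
EXTENSIONS = (".exe", ".dll", ".sys", ".com", ".bat", ".cmd",
              ".ps1", ".vbs", ".vbe", ".js")
SUSPICIOUS_PATH_PATTERNS = (
    "*\\windows\\fonts\\*",
    "*\\windows\\temp\\*",
    "*\\windows\\debug\\*",
    "*\\users\\public\\*",
    "*\\perflogs\\*",
)

# Constructed sample events shaped like Endpoint.Filesystem records.
SAMPLE_EVENTS = [
    {"dest": "ws-01", "action": "created", "file_name": "svchost.exe",
     "file_path": "C:\\Windows\\Fonts\\svchost.exe"},
    {"dest": "ws-01", "action": "created", "file_name": "arial.ttf",
     "file_path": "C:\\Windows\\Fonts\\arial.ttf"},
    {"dest": "ws-02", "action": "created", "file_name": "Update.PS1",
     "file_path": "C:/Users/Public/Update.PS1"},
    {"dest": "ws-02", "action": "created", "file_name": "setup.exe",
     "file_path": "C:\\Program Files\\Vendor\\setup.exe"},
    {"dest": "ws-03", "action": "deleted", "file_name": "a.bat",
     "file_path": "C:\\Windows\\Temp\\a.bat"},
]


def is_suspicious_creation(event):
    """True when an executable or script name sits under a watched path."""
    # Windows paths are case-insensitive, so compare in lower case and
    # normalise forward slashes that some log sources emit.
    name = (event.get("file_name") or "").lower()
    path = (event.get("file_path") or "").lower().replace("/", "\\")
    if not name.endswith(EXTENSIONS):
        return False
    return any(fnmatchcase(path, pat) for pat in SUSPICIOUS_PATH_PATTERNS)


def detect(events):
    """Group matching file paths per host, keeping only creation events."""
    hits = {}
    for ev in events:
        if ev.get("action") == "created" and is_suspicious_creation(ev):
            hits.setdefault(ev.get("dest", "unknown"), []).append(ev["file_path"])
    return hits


if __name__ == "__main__":
    for host, paths in detect(SAMPLE_EVENTS).items():
        print(host, paths)
```

Legitimate installers and updaters that stage binaries in temporary directories will match as well, so the path list needs tuning against a baseline of the environment.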
