Sc Exe Manipulating Windows Services

Description

This search looks for arguments to sc.exe indicating the creation or modification of a Windows service.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Adversary Tactics

Alert Volume

This search looks for arguments to sc.exe indicating the creation or modification of a Windows service.

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Persistence
Privilege Escalation

MITRE ATT&CK Techniques

Create or Modify System Process

Windows Service

MITRE Threat Groups

APT19
APT3
APT32
APT41
Blue Mockingbird
Carbanak
Cobalt Group
DarkVishnya
FIN7
Honeybee
Ke3chang
Kimsuky
Lazarus Group
PROMETHIUM
Threat Group-3390
Tropic Trooper
Wizard Spider

Data Sources

Endpoint Detection and Response

   Search

Open in Search