Skip to content

Hide Navigation Hide TOC

Suspicious Child Process Created as System (590a5f4c-6c8c-4f10-8307-89afe9453a9d)

Detection of child processes spawned with SYSTEM privileges by parents with LOCAL SERVICE or NETWORK SERVICE accounts

Cluster A Galaxy A Cluster B Galaxy B Level
Suspicious Child Process Created as System (590a5f4c-6c8c-4f10-8307-89afe9453a9d) Sigma-Rules Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 1
Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) Attack Pattern Create Process with Token - T1134.002 (677569f9-a8b0-459e-ab24-7f18091fa7bf) Attack Pattern 2