
PUA - Process Hacker Execution (811e0002-b13b-4a15-9d00-a613fce66e42)

Detects the execution of Process Hacker based on binary metadata (Image, Hash, Imphash, etc.). Process Hacker is a tool to view and manipulate processes, kernel options and other low-level settings. Threat actors have abused older, vulnerable versions of it to manipulate system processes.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | PUA - Process Hacker Execution (811e0002-b13b-4a15-9d00-a613fce66e42) | Sigma-Rules | 1 |
| PUA - Process Hacker Execution (811e0002-b13b-4a15-9d00-a613fce66e42) | Sigma-Rules | Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) | Attack Pattern | 1 |
| PUA - Process Hacker Execution (811e0002-b13b-4a15-9d00-a613fce66e42) | Sigma-Rules | Debugger Evasion - T1622 (e4dc8c01-417f-458d-9ee0-bb0617c1b391) | Attack Pattern | 1 |