Skip to content

Hide Navigation Hide TOC

Msiexec.EXE Initiated Network Connection Over HTTP (8e5e38e4-5350-4c0b-895a-e872ce0dd54f)

Detects an initiated network connection by "Msiexec.exe" over port 80 or 443. Adversaries might abuse "msiexec.exe" to install and execute remotely hosted packages.

Cluster A Galaxy A Cluster B Galaxy B Level
Msiexec.EXE Initiated Network Connection Over HTTP (8e5e38e4-5350-4c0b-895a-e872ce0dd54f) Sigma-Rules Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Msiexec - T1218.007 (365be77f-fc0e-42ee-bac8-4faf806d9336) Attack Pattern 2