Python Image Load By Non-Python Process (cbb56d62-4060-40f7-9466-d8aaf3123f83)

Detects the image load of "Python Core" by a non-Python process. This might be indicative of a Python script bundled with Py2Exe.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) | Attack Pattern | Python Image Load By Non-Python Process (cbb56d62-4060-40f7-9466-d8aaf3123f83) | Sigma-Rules | 1 |
| Software Packing - T1027.002 (deb98323-e13f-4b0c-8d94-175379069062) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 2 |