wuauclt (06fe608d-a517-492f-8557-cfb820984146)
This object contains information sourced from the Living Off The Land Binaries, Scripts and Libraries (LOLBAS) project, which is licensed under GNU General Public License v3.0.
Description: Windows Update Client
Author: David Middlehurst
Paths: * C:\Windows\System32\wuauclt.exe
Resources: * https://dtm.uk/wuauclt/
Detection: * Sigma: net_connection_win_wuauclt_network_connection.yml * Sigma: proc_creation_win_lolbin_wuauclt.yml * Sigma: proc_creation_win_wuauclt_execution.yml * IOC: wuauclt run with a parameter of a DLL path * IOC: Suspicious wuauclt Internet/network connections[wuauclt.exe - LOLBAS Project]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Lazarus Group (0bc66e95-de93-4de7-b415-4041b7191f08) | Tidal Groups | wuauclt (06fe608d-a517-492f-8557-cfb820984146) | Tidal Software | 1 |