LoFP / legitimate execution of dxcap.exe by legitimate user

Techniques

Sample rules

Application Whitelisting Bypass via Dxcap.exe

Description

Detects execution of Dxcap.exe

Detection logic

condition: all of selection*
selection_cli:
  CommandLine|contains: ' -c '
selection_img:
- Image|endswith: \DXCap.exe
- OriginalFileName: DXCap.exe