Techniques
Sample rules
PUA - Process Hacker Driver Load
- source: sigma
- techniques:
  - t1543
Description
Detects driver load of the Process Hacker tool
Detection logic
condition: selection
selection:
  - ImageLoaded|endswith: \kprocesshacker.sys
  - Hashes|contains:
      - IMPHASH=821D74031D3F625BCBD0DF08B70F1E77
      - IMPHASH=F86759BB4DE4320918615DC06E998A39
      - IMPHASH=0A64EEB85419257D0CE32BD5D55C3A18
      - IMPHASH=6E7B34DFC017700B1517B230DF6FF0D0