Techniques
Sample rules
PUA - Process Hacker Driver Load
- source: sigma
- technicques:
- t1543
Description
Detects driver load of the Process Hacker tool
Detection logic
condition: 1 of selection_*
selection_image:
ImageLoaded|endswith: \kprocesshacker.sys
selection_processhack_hashes:
Imphash:
- 821D74031D3F625BCBD0DF08B70F1E77
- F86759BB4DE4320918615DC06E998A39
- 0A64EEB85419257D0CE32BD5D55C3A18
- 6E7B34DFC017700B1517B230DF6FF0D0
selection_processhack_sysmon:
Hashes|contains:
- IMPHASH=821D74031D3F625BCBD0DF08B70F1E77
- IMPHASH=F86759BB4DE4320918615DC06E998A39
- IMPHASH=0A64EEB85419257D0CE32BD5D55C3A18
- IMPHASH=6E7B34DFC017700B1517B230DF6FF0D0