Techniques
Sample rules
Suspicious LOLBIN AccCheckConsole
- source: sigma
- techniques:
Description
Detects suspicious execution of the LOLBIN AccCheckConsole.exe with command-line parameters of the kind used to load an arbitrary DLL
Detection logic
detection:
  selection_img:
    - Image|endswith: '\AccCheckConsole.exe'
    - OriginalFileName: 'AccCheckConsole.exe'
  selection_cli:
    CommandLine|contains|all:
      - ' -window '
      - '.dll'
  condition: all of selection*
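As an added example (not code from the Sigma project), the rule's matching logic evaluated in Python over constructed process-creation events: the two image checks are OR-ed, the `contains|all` list is AND-ed, and `all of selection*` requires both selections. Field names follow the rule; the sample paths and command lines are invented.

```python
# Added example, not part of the Sigma rule: re-implements this rule's
# detection logic so it can be run against sample events.
# Sigma string modifiers are case-insensitive by default, so both sides
# of every comparison are lower-cased.

def selection_img(event: dict) -> bool:
    """A list of maps under a selection is OR-ed: either field may match."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    return image.endswith("\\acccheckconsole.exe") or original == "acccheckconsole.exe"

def selection_cli(event: dict) -> bool:
    """'contains|all' requires every listed substring to be present."""
    cmd = event.get("CommandLine", "").lower()
    return all(s in cmd for s in (" -window ", ".dll"))

def rule_matches(event: dict) -> bool:
    """condition: all of selection*  -> both selections must be true."""
    return selection_img(event) and selection_cli(event)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # matches: renamed binary is still caught via OriginalFileName
        "Image": r"C:\Temp\acc.exe",
        "OriginalFileName": "AccCheckConsole.exe",
        "CommandLine": r'acc.exe -window "Untitled" C:\Temp\sample.dll',
    },
    {   # matches: regular path and name, DLL passed on the command line
        "Image": r"C:\SDK\bin\AccChecker\AccCheckConsole.exe",
        "OriginalFileName": "AccCheckConsole.exe",
        "CommandLine": r'AccCheckConsole.exe -window "Calculator" C:\Users\u\check.dll',
    },
    {   # no match: same tool, but no .dll argument
        "Image": r"C:\Tools\AccCheckConsole.exe",
        "OriginalFileName": "AccCheckConsole.exe",
        "CommandLine": r'AccCheckConsole.exe -window "Calculator" -hwnd',
    },
    {   # no match: similar arguments, but neither image check is satisfied
        "Image": r"C:\Tools\other.exe",
        "OriginalFileName": "other.exe",
        "CommandLine": r'other.exe -window foo C:\x.dll',
    },
]

def matching_indices(events=SAMPLE_EVENTS) -> list:
    """Indices of events the rule would alert on."""
    return [i for i, e in enumerate(events) if rule_matches(e)]

if __name__ == "__main__":
    print("matching events:", matching_indices())  # [0, 1]
```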