Techniques
Sample rules
Process Deletion of Its Own Executable
- source: sigma
- techniques:
Description
Detects the deletion of a process’s executable by itself. This is usually not possible without workarounds and may be used by malware to hide its traces.
Detection logic
detection:
  selection:
    TargetFilename|fieldref: Image
  condition: selection
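As an added illustration (not code from the Sigma project or from this rule's author), the following evaluates the rule's `fieldref` selection over a few constructed Sysmon FileDelete-style events; the field names follow the Sysmon/Sigma convention, and the case-insensitive path comparison is an assumption made for Windows paths.

```python
# Added example: a minimal evaluator for `TargetFilename|fieldref: Image`.
# The sample events below are constructed for illustration and are not
# taken from any real log source.
from typing import Dict, List

# Constructed events in the shape of Sysmon Event ID 23 (FileDelete) after
# Sigma field mapping: Image = deleting process, TargetFilename = deleted file.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "23", "Image": r"C:\Users\Public\dropper.exe",
     "TargetFilename": r"C:\Users\Public\dropper.exe"},       # self-deletion
    {"EventID": "23", "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\Public\notes.txt"},         # ordinary delete
    {"EventID": "23", "Image": r"C:\Temp\Loader.EXE",
     "TargetFilename": r"c:\temp\loader.exe"},                # same path, case differs
    {"EventID": "23", "Image": r"C:\Temp\loader.exe"},        # TargetFilename missing
]


def fieldref_match(event: Dict[str, str], field: str, ref_field: str,
                   case_insensitive: bool = True) -> bool:
    """Evaluate Sigma's `<field>|fieldref: <ref_field>` modifier on one event.

    Unlike a literal value, the comparison target is read from another field
    of the same event. A missing field on either side never matches, which
    avoids false positives on incomplete log records.
    """
    value = event.get(field)
    ref = event.get(ref_field)
    if value is None or ref is None:
        return False
    if case_insensitive:  # assumption: Windows paths are case-insensitive
        return value.lower() == ref.lower()
    return value == ref


def self_delete_hits(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the events satisfying `condition: selection`, i.e. the deleted
    file path equals the image path of the process that deleted it."""
    return [e for e in events if fieldref_match(e, "TargetFilename", "Image")]


if __name__ == "__main__":
    for hit in self_delete_hits(SAMPLE_EVENTS):
        print("self-deletion detected:", hit["Image"])
```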