LetsDefend Monitoring Alert

PsExec Service Execution Alert

Apr, 10, 2023, 02:34 PM

Event ID: 135

Event Time: Apr, 10, 2023, 02:34 PM

Rule Name: SOC185 - PsExec Service Execution Alert

Alert Type: LOLBin

MITRE Technique:
T1543.002 - Privilege Escalation - Create or Modify System Process: Systemd Service,
T1078 - Initial Access - Valid Accounts,
T1087 - Discovery - Account Discovery,
T1569 - Execution - System Services,
T1078 - Defense Evasion - Valid Accounts,
T1136 - Persistence - Create Account

Severity: High

Incident Responder
