LetsDefend Monitoring Alert

UAC Bypass Attempt via Fodhelper.exe

Mar, 18, 2024, 11:37 AM

Event ID: 240

Event Time: Mar, 18, 2024, 11:37 AM

Rule Name: SOC268 - UAC Bypass Attempt via Fodhelper.exe

Alert Type: Malware

MITRE Technique:
T1112 - Defense Evasion - Modify Registry,
T1566 - Initial Access - Phishing,
T1204 - Execution - User Execution,
T1136 - Persistence - Create Account,
T1548 - Privilege Escalation - Abuse Elevation Control Mechanism,
T1136.001 - Persistence - Create Account: Local Account,
T1548.002 - Privilege Escalation - Abuse Elevation Control Mechanism: Bypass User Account Control

Severity: High

Incident Responder
