LetsDefend Monitoring Alert
UAC Bypass Attempt via Fodhelper.exe
Mar, 18, 2024, 11:37 AM
Event ID: 240
Event Time: Mar, 18, 2024, 11:37 AM
Rule Name: SOC268 - UAC Bypass Attempt via Fodhelper.exe
Alert Type: Malware
MITRE Technique:
T1112 - Defense Evasion - Modify Registry
T1566 - Initial Access - Phishing
T1204 - Execution - User Execution
T1136 - Persistence - Create Account
T1548 - Privilege Escalation - Abuse Elevation Control Mechanism
T1136.001 - Persistence - Create Account: Local Account
T1548.002 - Privilege Escalation - Abuse Elevation Control Mechanism: Bypass User Account Control
Severity: High