LetsDefend Monitoring Alert

Utilman.exe Winlogon Exploit Attempt

Jun, 21, 2023, 11:02 AM

Event ID: 161

Event Time: Jun, 21, 2023, 11:02 AM

Rule Name: SOC211 - Utilman.exe Winlogon Exploit Attempt

Alert Type: LOLBin

MITRE Technique:
T1136 - Persistence - Create Account,
T1546 - Persistence - Event Triggered Execution,
T1036 - Defense Evasion - Masquerading,
T1036.003 - Defense Evasion - Masquerading - Rename System Utilities,
T1546.008 - Persistence - Accessibility Features,
T1546.008 - Privilege Escalation - Event Triggered Execution - Accessibility Features,
T1546 - Privilege Escalation - Event Triggered Execution

Severity: Medium
