Execution of File Written or Modified by Microsoft Office
3 rules, 3 TTPs
This rule detects the creation and execution of executable files by Microsoft Office applications, which is often associated with malicious documents containing scripts or exploitation of Microsoft Office vulnerabilities, leading to the execution of arbitrary code.
Windows .Key File Creation in Root Directory
2 rules, 1 TTP
This search detects the creation of a .key file in the root directory of the system drive, an activity associated with ransomware execution before file encryption.
Detects Windows XLL File Creation Outside of Typical Location
2 rules, 2 TTPs
The creation of an XLL file outside of typical locations can indicate an attempt to abuse Excel COM objects to load and execute a malicious XLL payload, often used in spearphishing attacks to achieve remote code execution.
Adobe RdrCEF.exe Hijack for Persistence
2 rules, 2 TTPs
Attackers can maintain persistence by replacing the legitimate RdrCEF.exe executable with a malicious one, which is executed every time Adobe Acrobat Reader is launched.