Tag
medium
advisory
Unusual Service Host Child Process - Childless Service
2 rules 2 TTPs
This detection identifies unusual child processes of Service Host (svchost.exe) that traditionally do not spawn child processes, potentially indicating code injection or exploitation.
m365_defender +3
process_injection
privilege_escalation
defense_evasion
windows
medium
advisory
Suspicious Svchost.exe Child Process: cmd.exe
2 rules 2 TTPs
Detection of cmd.exe being spawned by svchost.exe, which is an unusual behavior indicative of potential masquerading or privilege escalation attempts on Windows systems.
execution
windows
process_injection
privilege_escalation