Slide 83
(1) Study Sysmon Event Log
Record 14978
{
"EventData": {
"CommandLine": "\"C:\\windows\\System32\\cmd.exe\" ... ... ",
"Company": "Microsoft Corporation",
"CurrentDirectory": "C:\\Users\\user\\Desktop\\mal\\",
"Image": "C:\\Windows\\System32\\cmd.exe",
"OriginalFileName": "Cmd.Exe",
"ParentCommandLine": "C:\\Windows\\Explorer.EXE",
"ParentImage": "C:\\Windows\\explorer.exe",
"UtcTime": "2023-04-29 04:39:33.239"
},
"System": {
"EventID": 1,
◆ User Execution: Malicious File
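The triage step the slide illustrates, as an added example that is not part of the original slide deck: take a Sysmon Event ID 1 (process creation) record with the fields shown above, extract the parent-to-child lineage, and test the three indicators that together justify the User Execution: Malicious File label (an interactive parent such as explorer.exe, a shell or interpreter as the child, and a working directory under a user drop folder such as Desktop). The sample record is constructed to mirror the slide's structure; the elided command-line argument is replaced with a placeholder, the helper names (`triage_process_creation`, `in_user_drop_dir`) are assumptions, and the ATT&CK technique id T1204.002 is the published id for the technique the slide names.

```python
"""Added example (not from the slide): triage one Sysmon Event ID 1 record."""
import json
import ntpath

# Parents that indicate a user launched the child interactively (double-click,
# Run dialog, shell).  explorer.exe is the parent the slide shows.
INTERACTIVE_PARENTS = {"explorer.exe"}

# Child images that are interpreters or shells rather than user-facing apps.
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Folders under a user profile where delivered files usually land.
USER_DROP_DIRS = ("desktop", "downloads", "appdata\\local\\temp")

# CONSTRUCTED record mirroring the slide's layout; "placeholder.bat" stands in
# for the elided argument and is not real telemetry.
SAMPLE_RECORD = json.loads(r'''
{
  "EventData": {
    "CommandLine": "\"C:\\windows\\System32\\cmd.exe\" /c placeholder.bat",
    "Company": "Microsoft Corporation",
    "CurrentDirectory": "C:\\Users\\user\\Desktop\\mal\\",
    "Image": "C:\\Windows\\System32\\cmd.exe",
    "OriginalFileName": "Cmd.Exe",
    "ParentCommandLine": "C:\\Windows\\Explorer.EXE",
    "ParentImage": "C:\\Windows\\explorer.exe",
    "UtcTime": "2023-04-29 04:39:33.239"
  },
  "System": {
    "EventID": 1
  }
}
''')


def basename(path: str) -> str:
    """Case-folded file name of a Windows path: 'C:\\Windows\\explorer.exe' -> 'explorer.exe'."""
    return ntpath.basename(path).lower()


def in_user_drop_dir(current_directory: str) -> bool:
    """True when the working directory sits under <profile>\\Desktop, \\Downloads or \\AppData\\Local\\Temp."""
    cwd = current_directory.lower()
    if not cwd.startswith("c:\\users\\"):
        return False
    # Drop 'c:\users\<name>\' and compare the remainder against the drop folders.
    rest = cwd.split("\\", 3)[3] if cwd.count("\\") >= 3 else ""
    return any(rest.startswith(d) for d in USER_DROP_DIRS)


def triage_process_creation(record: dict) -> dict:
    """Return lineage fields plus the indicators that support a User Execution label.

    The technique id is only set when all three indicators are present, which is
    the pattern the slide's record exhibits.
    """
    if record["System"]["EventID"] != 1:
        raise ValueError("not a Sysmon process-creation event")
    data = record["EventData"]
    image = basename(data["Image"])
    parent = basename(data["ParentImage"])
    indicators = []
    if parent in INTERACTIVE_PARENTS:
        indicators.append("interactive parent (%s)" % parent)
    if image in SHELL_IMAGES:
        indicators.append("shell/interpreter child (%s)" % image)
    if in_user_drop_dir(data["CurrentDirectory"]):
        indicators.append("working directory under a user drop folder")
    return {
        "utc_time": data["UtcTime"],
        "lineage": "%s -> %s" % (parent, image),
        "command_line": data["CommandLine"],
        "indicators": indicators,
        "technique": "T1204.002 User Execution: Malicious File" if len(indicators) == 3 else None,
    }


if __name__ == "__main__":
    print(json.dumps(triage_process_creation(SAMPLE_RECORD), indent=2))
```

The three checks are deliberately kept separate so an analyst can see which one fired; a shell spawned by explorer.exe from a system directory, for example, yields two indicators and no technique label, which keeps ordinary interactive use out of the alert queue.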