Set autostart key via New-ItemProperty Cmdlet

Mar 21, 2023 ·

Sigma rule (View on GitHub)

 1title: Set autostart key via New-ItemProperty Cmdlet  
 2status: experimental
 3description: Set autostart key via New-ItemProperty Cmdlet
 4author: Joe Security
 5date: 2023-03-21
 6id: 200110
 7threatname:
 8behaviorgroup: 2
 9classification: 4
10logsource:
11    category: process_creation
12    product: windows
13detection:
14    selection:
15        CommandLine:
16            - '*new-itemproperty -path *\software\microsoft\windows\currentversion\run*'
17    condition: selection
18level: critical