Detection rules › By event

Service-Control-Manager event 7045

54 detection rules reference this event. View event page.

Sigma (41)

Anydesk Remote Access Software Service Installation severity medium
CobaltStrike Service Installations - System severity critical T1021.002, T1543.003, T1569.002
Credential Dumping Tools Service Execution - System severity high T1003.001, T1003.002, T1003.004, T1003.005, T1003.006, T1569.002
CSExec Service Installation severity medium T1569.002
HackTool Service Registration or Execution severity high T1569.002
Invoke-Obfuscation CLIP+ Launcher - System severity high T1027, T1059.001
Invoke-Obfuscation COMPRESS OBFUSCATION - System severity medium T1027, T1059.001
Invoke-Obfuscation Obfuscated IEX Invocation - System severity high T1027
Invoke-Obfuscation RUNDLL LAUNCHER - System severity medium T1027, T1059.001
Invoke-Obfuscation STDIN+ Launcher - System severity high T1027, T1059.001
Invoke-Obfuscation VAR+ Launcher - System severity high T1027, T1059.001
Invoke-Obfuscation VAR++ LAUNCHER OBFUSCATION - System severity high T1027, T1059.001
Invoke-Obfuscation Via Stdin - System severity high T1027, T1059.001
Invoke-Obfuscation Via Use Clip - System severity high T1027, T1059.001
Invoke-Obfuscation Via Use MSHTA - System severity high T1027, T1059.001
Invoke-Obfuscation Via Use Rundll32 - System severity high T1027, T1059.001
KrbRelayUp Service Installation severity high T1543
Mesh Agent Service Installation severity medium T1219.002
Meterpreter or Cobalt Strike Getsystem Service Installation - System severity high T1134.001, T1134.002
Moriya Rootkit - System severity critical T1543.003
NetSupport Manager Service Install severity medium
New PDQDeploy Service - Client Side severity medium T1543.003
New PDQDeploy Service - Server Side severity medium T1543.003
PAExec Service Installation severity medium T1569.002
PowerShell Scripts Installed as Services severity high T1569.002
ProcessHacker Privilege Elevation severity high T1543.003, T1569.002
PsExec Service Installation severity medium T1569.002
RemCom Service Installation severity medium T1569.002
Remote Access Tool Services Have Been Installed - System severity medium T1543.003, T1569.002
Remote Utilities Host Service Install severity medium
RTCore Suspicious Service Installation severity high
Service Installation in Suspicious Folder severity medium T1543.003
Service Installation with Suspicious Folder Pattern severity high T1543.003
Service Installed By Unusual Client - System severity high T1543
Sliver C2 Default Service Installation severity high T1543.003, T1569.002
smbexec.py Service Installation severity high T1021.002, T1569.002
Suspicious Service Installation severity high T1543.003
Suspicious Service Installation Script severity high T1543.003
TacticalRMM Service Installation severity medium T1219.002
Tap Driver Installation severity medium T1048
Uncommon Service Installation Image Path severity medium T1543.003

Elastic (1)

Suspicious Service was Installed in the System T1543, T1543.003