detection.wiki

Service Control Manager › Event 7023

Event ID 7023 —

Provider
Service Control Manager
Channel
System
Level
Error
Collection Priority
Recommended (NSA)

Fields #

NameDescription
param1 UnicodeString
param2 UnicodeString
Binary

Example Event #

{
  "system": {
    "provider": "Service Control Manager",
    "guid": "{555908d1-a6d7-4695-8e1e-26931d2012f4}",
    "event_source_name": "Service Control Manager",
    "event_id": 7023,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9259400833873739776,
    "time_created": "2022-04-07T16:53:23.388188+00:00",
    "event_record_id": 1227,
    "correlation": {},
    "execution": {
      "process_id": 648,
      "thread_id": 940
    },
    "channel": "System",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "param1": "IsmServ",
    "param2": "%%58",
    "Binary": "490073006D0053006500720076000000"
  },
  "message": ""
}

Detection Rules #

View all rules referencing this event →

Sigma # view in reference

References #