detection.wiki

Service Control Manager › Event 7034

Event ID 7034 —

Provider
Service Control Manager
Channel
System
Level
Error
Collection Priority
Recommended (NSA, others)

Fields #

NameDescription
param1 UnicodeString
param2 UnicodeString
Binary

Example Event #

{
  "system": {
    "provider": "Service Control Manager",
    "guid": "{555908d1-a6d7-4695-8e1e-26931d2012f4}",
    "event_source_name": "Service Control Manager",
    "event_id": 7034,
    "version": 0,
    "level": 2,
    "task": 0,
    "opcode": 0,
    "keywords": 9259400833873739776,
    "time_created": "2023-10-25T22:56:14.228587+00:00",
    "event_record_id": 1465,
    "correlation": {},
    "execution": {
      "process_id": 800,
      "thread_id": 7704
    },
    "channel": "System",
    "computer": "WinDevEval",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "param1": "OpenSSH SSH Server",
    "param2": "1",
    "Binary": "73007300680064000000"
  },
  "message": ""
}

Detection Rules #

View all rules referencing this event →

Sigma # view in reference

References #