==================================================

CREATED: WIN-SC-REMOTE-SVC-CREATION (#1501)

Description

This detector identifies instance of the Windows Service Control Manger (sc.exe) with command-line arguments indicating the creation of a service on a remote endpoint. This technique is used by adversaries for lateral movement. 

ATT&CK Technique T1021

Did this answer your question?