File in suspicious location encoded to base64 via certutil.exe

Intel Name: File in suspicious location encoded to base64 via certutil.exe

Date of Scan: January 9, 2025

Impact: High

Summary:
Detects the execution of certutil with the “encode” flag to convert a file to Base64, targeting files located in potentially suspicious directories.

More Details