Add proc_creation_win_parent_run_itself

rules/windows/process_creation/proc_creation_win_parent_run_itself.yml

@@ -0,0 +1,20 @@
+title: Executable Run Itself
+id: bafd07c6-3ea5-454a-b4be-058fbb073de7
+status: experimental
+description: Detects an executable that executes himself
+references:
+    - https://www.joesandbox.com/analysis/1605063/0/html
+author: frack113
+date: 2025-02-04
+tags:
+    - attack.defense-evasion
+logsource:
+    category: process_creation
+    product: windows
+detection:
+    selection:
+        Image|fieldref: ParentImage
+    condition: selection
+falsepositives:
+    - Unknown
+level: medium