This is a classic attack path that was already captured by plenty of EDRs/XDRs/CWPPs a couple years ago.