Usage of Renamed Sysinternals Tools - RegistrySet (8023f872-3f1d-4301-a384-801889917ab4)

Detects non-Sysinternals tools setting the "accepteula" key, which is normally set on Sysinternals tool execution.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | Usage of Renamed Sysinternals Tools - RegistrySet (8023f872-3f1d-4301-a384-801889917ab4) | Sigma-Rules | 1 |
| Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | 2 |