
Use of Setres.exe (835e75bf-4bfd-47a4-b8a6-b766cac8bcb7)

Detects the use of Setres.exe to set the screen resolution and then potentially launch a file named "choice" (with any executable extension such as ".cmd" or ".exe") from the current execution path.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e) | Attack Pattern | Use of Setres.exe (835e75bf-4bfd-47a4-b8a6-b766cac8bcb7) | Sigma-Rules | 1 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Use of Setres.exe (835e75bf-4bfd-47a4-b8a6-b766cac8bcb7) | Sigma-Rules | 1 |