Hide Navigation Hide TOC

Suspicious ScreenSave Change by Reg.exe (0fc35fc3-efe6-4898-8a37-0b233339524f)

Adversaries may establish persistence by executing malicious content triggered by user inactivity. Screensavers are programs that execute after a configurable time of user inactivity and consist of Portable Executable (PE) files with a .scr file extension

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Suspicious ScreenSave Change by Reg.exe (0fc35fc3-efe6-4898-8a37-0b233339524f)	Sigma-Rules	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db)	Attack Pattern	Screensaver - T1546.002 (ce4b7013-640e-48a9-b501-d0025a95f4bf)	Attack Pattern	2