Service Registry Key Read Access Request (11d00fff-5dc3-428c-8184-801f292faec0)

Detects "read access" requests on the services registry key. Adversaries may execute their own malicious payloads by hijacking the Registry entries used by services. Adversaries may use flaws in the permissions for Registry keys related to services to redirect from the originally specified executable to one that they control, in order to launch their own code when a service starts.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | Service Registry Key Read Access Request (11d00fff-5dc3-428c-8184-801f292faec0) | Sigma-Rules | 1 |
| Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |