Service Registry Key Read Access Request (11d00fff-5dc3-428c-8184-801f292faec0)

Detects "read access" requests on the services registry key. Adversaries may execute their own malicious payloads by hijacking the Registry entries used by services. Adversaries may use flaws in the permissions for Registry keys related to services to redirect from the originally specified executable to one that they control, in order to launch their own code when a service starts.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Service Registry Key Read Access Request (11d00fff-5dc3-428c-8184-801f292faec0) | Sigma-Rules | Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | 1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | Services Registry Permissions Weakness - T1574.011 (17cc750b-e95b-4d7d-9dde-49e0de24148c) | Attack Pattern | 2 |