Skip to content

Hide Navigation Hide TOC

Shell Open Registry Keys Manipulation (152f3630-77c1-4284-bcc0-4cc68ab2f6e7)

Detects the shell open key manipulation (exefile and ms-settings) used for persistence and the pattern of UAC Bypass using fodhelper.exe, computerdefaults.exe, slui.exe via registry keys (e.g. UACMe 33 or 62)

Cluster A Galaxy A Cluster B Galaxy B Level
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) Attack Pattern Shell Open Registry Keys Manipulation (152f3630-77c1-4284-bcc0-4cc68ab2f6e7) Sigma-Rules 1
Shell Open Registry Keys Manipulation (152f3630-77c1-4284-bcc0-4cc68ab2f6e7) Sigma-Rules Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 1
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2