<<< Hide Navigation Hide TOC >>>
Trust Access Disable For VBApplications (1a5c46e9-f32f-42f7-b2bc-6e9084db7fbf)
Detects registry changes to Microsoft Office "AccessVBOM" to a value of "1" which disables trust access for VBA on the victim machine and lets attackers execute malicious macros without any Microsoft Office warnings.
Cluster A![]() |
Galaxy A![]() |
Cluster B![]() |
Galaxy B![]() |
Level![]() |
---|---|---|---|---|
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | Trust Access Disable For VBApplications (1a5c46e9-f32f-42f7-b2bc-6e9084db7fbf) | Sigma-Rules | 1 |