Potential Shim Database Persistence via Sdbinst.EXE (517490a7-115a-48c6-8862-1a481504d5a8)

Detects installation of a new shim using sdbinst.exe. Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) | Attack Pattern | Potential Shim Database Persistence via Sdbinst.EXE (517490a7-115a-48c6-8862-1a481504d5a8) | Sigma-Rules | 1 |
| Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |