COM Object Execution via Xwizard.EXE (53d4bb30-3f36-4e8a-b078-69d36c4a79ff)

Detects the execution of the Xwizard tool with the "RunWizard" flag and a GUID-like argument. This utility can be abused to run a custom COM object created in the registry.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| COM Object Execution via Xwizard.EXE (53d4bb30-3f36-4e8a-b078-69d36c4a79ff) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |