RegAsm.EXE Execution Without CommandLine Flags or Files (651f87f7-12db-47f9-84c5-f27b081b94b6)

Detects the execution of "RegAsm.exe" without a command-line flag or file, which might indicate potential process injection activity. Usually "RegAsm.exe" should point to a dedicated DLL file or call the help with the "/?" flag.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| RegAsm.EXE Execution Without CommandLine Flags or Files (651f87f7-12db-47f9-84c5-f27b081b94b6) | Sigma-Rules | Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) | Attack Pattern | 1 |
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Regsvcs/Regasm - T1218.009 (c48a67ee-b657-45c1-91bf-6cdbe27205f8) | Attack Pattern | 2 |