Security Event Logging Disabled via MiniNt Registry Key - Registry Set (8839e550-52d7-4958-9f2f-e13c1e736838)

Detects the addition of the 'MiniNt' key to the registry. After a reboot, the Windows Event Log service will stop writing events. Windows Event Log is a service that collects and stores event logs from the operating system and applications. It is an important component of Windows security and auditing. An adversary may want to disable this service to stop the logging of security events that could be used to detect their activities.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | Security Event Logging Disabled via MiniNt Registry Key - Registry Set (8839e550-52d7-4958-9f2f-e13c1e736838) | Sigma-Rules | 1 |
| Security Event Logging Disabled via MiniNt Registry Key - Registry Set (8839e550-52d7-4958-9f2f-e13c1e736838) | Sigma-Rules | Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | 1 |
| Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) | Attack Pattern | Disable Windows Event Logging - T1562.002 (4eb28bed-d11a-4641-9863-c2ac017d910a) | Attack Pattern | 2 |