Potentially Suspicious Desktop Background Change Using Reg.EXE (8cbc9475-8d05-4e27-9c32-df960716c701)

Detects the execution of "reg.exe" to alter registry keys that would replace the user's desktop background. This is a common technique used by malware to change the desktop background to a ransom note or other image.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | Potentially Suspicious Desktop Background Change Using Reg.EXE (8cbc9475-8d05-4e27-9c32-df960716c701) | Sigma-Rules | 1 |
| Potentially Suspicious Desktop Background Change Using Reg.EXE (8cbc9475-8d05-4e27-9c32-df960716c701) | Sigma-Rules | Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) | Attack Pattern | 1 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) | Attack Pattern | Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | 2 |