Skip to content

Hide Navigation Hide TOC

Potential Configuration And Service Reconnaissance Via Reg.EXE (970007b7-ce32-49d0-a4a4-fbef016950bd)

Detects the usage of "reg.exe" in order to query reconnaissance information from the registry. Adversaries may interact with the Windows registry to gather information about credentials, the system, configuration, and installed software.

Cluster A Galaxy A Cluster B Galaxy B Level
System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern Potential Configuration And Service Reconnaissance Via Reg.EXE (970007b7-ce32-49d0-a4a4-fbef016950bd) Sigma-Rules 1
Potential Configuration And Service Reconnaissance Via Reg.EXE (970007b7-ce32-49d0-a4a4-fbef016950bd) Sigma-Rules Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 1