Skip to content

Hide Navigation Hide TOC

Potential Configuration And Service Reconnaissance Via Reg.EXE (970007b7-ce32-49d0-a4a4-fbef016950bd)

Detects the usage of "reg.exe" in order to query reconnaissance information from the registry. Adversaries may interact with the Windows registry to gather information about credentials, the system, configuration, and installed software.

Cluster A Galaxy A Cluster B Galaxy B Level
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern Potential Configuration And Service Reconnaissance Via Reg.EXE (970007b7-ce32-49d0-a4a4-fbef016950bd) Sigma-Rules 1
Potential Configuration And Service Reconnaissance Via Reg.EXE (970007b7-ce32-49d0-a4a4-fbef016950bd) Sigma-Rules System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 1