Potential Registry Persistence Attempt Via DbgManagedDebugger (9827ae57-3802-418f-994b-d5ecf5cd974b)
Detects the addition of the "Debugger" value to the "DbgManagedDebugger" key in order to achieve persistence. The configured debugger is invoked when an application crashes.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Potential Registry Persistence Attempt Via DbgManagedDebugger (9827ae57-3802-418f-994b-d5ecf5cd974b) | Sigma-Rules | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 1 |