Setup16.EXE Execution With Custom .Lst File (99c8be4f-3087-4f9f-9c24-8c7e257b442e)

Detects the execution of "Setup16.EXE", an old installation utility, with a custom ".lst" file. These ".lst" files can contain references to external programs that "Setup16.EXE" will execute. Attackers and adversaries might leverage this as a living-off-the-land utility.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) | Attack Pattern | Setup16.EXE Execution With Custom .Lst File (99c8be4f-3087-4f9f-9c24-8c7e257b442e) | Sigma-Rules | 1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | Executable Installer File Permissions Weakness - T1574.005 (70d81154-b187-45f9-8ec5-295d01255979) | Attack Pattern | 2 |