Suspicious File Access to Browser Credential Storage (a1dfd976-4852-41d4-9507-dc6590a3ccd0)

Detects file access to browser credential storage paths by non-browser processes, which may indicate credential access attempts. Adversaries may attempt to access browser credential storage to extract sensitive information such as usernames, passwords, or cookies. This behavior is commonly observed in credential-stealing malware.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Suspicious File Access to Browser Credential Storage (a1dfd976-4852-41d4-9507-dc6590a3ccd0) | Sigma-Rules | 1 |
| Suspicious File Access to Browser Credential Storage (a1dfd976-4852-41d4-9507-dc6590a3ccd0) | Sigma-Rules | Browser Information Discovery - T1217 (5e4a2073-9643-44cb-a0b5-e7f4048446c7) | Attack Pattern | 1 |
| Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) | Attack Pattern | Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) | Attack Pattern | 2 |