Potential Regsvr32 Commandline Flag Anomaly (b236190c-1c61-41e9-84b3-3fe03f6d76b0)

Detects a potential command line flag anomaly related to "regsvr32" in which the "/i" flag is used without the "/n" flag, a combination that should be uncommon.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Potential Regsvr32 Commandline Flag Anomaly (b236190c-1c61-41e9-84b3-3fe03f6d76b0) | Sigma-Rules | Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) | Attack Pattern | 1 |
| Regsvr32 - T1218.010 (b97f1d35-4249-4486-a6b5-ee60ccf24fab) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |