Skip to content

Hide Navigation Hide TOC

Permission Check Via Accesschk.EXE (c625d754-6a3d-4f65-9c9a-536aea960d37)

Detects the usage of the "Accesschk" utility, an access and privilege audit tool developed by SysInternal and often being abused by attacker to verify process privileges

Cluster A Galaxy A Cluster B Galaxy B Level
Permission Check Via Accesschk.EXE (c625d754-6a3d-4f65-9c9a-536aea960d37) Sigma-Rules Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern 1
Local Groups - T1069.001 (a01bf75f-00b2-4568-a58f-565ff9bf202b) Attack Pattern Permission Groups Discovery - T1069 (15dbf668-795c-41e6-8219-f0447c0e64ce) Attack Pattern 2