PUA - Sysinternals Tools Execution - Registry (c7da8edc-49ae-45a2-9e61-9fd860e4e73d)

Detects the execution of some potentially unwanted tools such as PsExec, Procdump, etc. (part of the Sysinternals suite) via the creation of the "accepteula" registry key.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| PUA - Sysinternals Tools Execution - Registry (c7da8edc-49ae-45a2-9e61-9fd860e4e73d) | Sigma-Rules | Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | 1 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | 2 |