Hide Navigation Hide TOC

Suspicious Cabinet File Execution Via Msdt.EXE (dc4576d4-7467-424f-9eee-fd2b02855fe0)

Detects execution of msdt.exe using the "cab" flag which could indicates suspicious diagcab files with embedded answer files leveraging CVE-2022-30190

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Indirect Command Execution - T1202 (3b0e52ce-517a-4614-a523-1bd5deef6c5e)	Attack Pattern	Suspicious Cabinet File Execution Via Msdt.EXE (dc4576d4-7467-424f-9eee-fd2b02855fe0)	Sigma-Rules	1