Skip to content

Hide Navigation Hide TOC

COM Hijacking via TreatAs (dc5c24af-6995-49b2-86eb-a9ff62199e82)

Detect modification of TreatAs key to enable "rundll32.exe -sta" command

Cluster A Galaxy A Cluster B Galaxy B Level
COM Hijacking via TreatAs (dc5c24af-6995-49b2-86eb-a9ff62199e82) Sigma-Rules Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 1
Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern Component Object Model Hijacking - T1546.015 (bc0f5e80-91c0-4e04-9fbb-e4e332c85dae) Attack Pattern 2