Skip to content

Hide Navigation Hide TOC

Registry Modification of MS-settings Protocol Handler (dd3ee8cc-f751-41c9-ba53-5a32ed47e563)

Detects registry modifications to the 'ms-settings' protocol handler, which is frequently targeted for UAC bypass or persistence. Attackers can modify this registry to execute malicious code with elevated privileges by hijacking the command execution path.

Cluster A Galaxy A Cluster B Galaxy B Level
Registry Modification of MS-settings Protocol Handler (dd3ee8cc-f751-41c9-ba53-5a32ed47e563) Sigma-Rules Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) Attack Pattern 1
Registry Modification of MS-settings Protocol Handler (dd3ee8cc-f751-41c9-ba53-5a32ed47e563) Sigma-Rules Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
Registry Modification of MS-settings Protocol Handler (dd3ee8cc-f751-41c9-ba53-5a32ed47e563) Sigma-Rules Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 1
Change Default File Association - T1546.001 (98034fef-d9fb-4667-8dc4-2eab6231724c) Attack Pattern Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) Attack Pattern 2
Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) Attack Pattern Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) Attack Pattern 2