
Potential Persistence Via Shim Database Modification (dfb5b4e8-91d0-4291-b40a-e3b0d3942c45)

Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) | Attack Pattern | Potential Persistence Via Shim Database Modification (dfb5b4e8-91d0-4291-b40a-e3b0d3942c45) | Sigma-Rules | 1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | Application Shimming - T1546.011 (42fe883a-21ea-4cfb-b94a-78b6476dcc83) | Attack Pattern | 2 |