Suspicious Execution Of Renamed Sysinternals Tools - Registry (f50f3c09-557d-492d-81db-9064a8d4e211)

Detects the creation of the "accepteula" registry key associated with the Sysinternals tools when it is created by an executable with an unexpected name (e.g. a renamed Sysinternals tool).

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | Suspicious Execution Of Renamed Sysinternals Tools - Registry (f50f3c09-557d-492d-81db-9064a8d4e211) | Sigma-Rules | 1
Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | 2