Techniques
Sample rules
Registry Modification Via Regini.EXE
- source: sigma
- techniques:
  - t1112
Description
Detects the execution of regini.exe, which can be used to modify registry keys; the changes are imported from one or more text files.
Detection logic
condition: selection and not filter
filter:
  CommandLine|re: :[^ \\]
selection:
- Image|endswith: \regini.exe
- OriginalFileName: REGINI.EXE
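
The detection logic above, evaluated over a few process-creation events. This is an added example, not part of the Sigma rule or its tooling. The events are constructed, the function names are hypothetical, and the example assumes that the two selection entries are OR-ed, that string matching is case-insensitive, and that the regular expression is an unanchored search.

```python
import re

# Regex from the rule's filter: a colon followed by a character that is
# neither a space nor a backslash. A drive-letter path such as C:\Temp does
# not match, because its colon is followed by a backslash.
FILTER_RE = re.compile(r":[^ \\]")


def matches_rule(event: dict) -> bool:
    """Evaluate 'selection and not filter' for one process-creation event."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    # selection: either entry is sufficient (assumed OR, case-insensitive)
    selection = image.endswith("\\regini.exe") or original == "regini.exe"
    # filter: regex searched anywhere in the command line (assumed unanchored)
    filtered = bool(FILTER_RE.search(event.get("CommandLine", "")))
    return selection and not filtered


# Constructed sample events, not taken from real telemetry.
SAMPLE_EVENTS = [
    # Plain import from a text file: selection hits, filter does not.
    {"Image": r"C:\Windows\System32\regini.exe", "OriginalFileName": "REGINI.EXE",
     "CommandLine": r"regini.exe C:\Temp\settings.ini"},
    # Renamed copy: the Image suffix misses, OriginalFileName still hits.
    {"Image": r"C:\Users\Public\tool.exe", "OriginalFileName": "REGINI.EXE",
     "CommandLine": r"tool.exe C:\Temp\settings.ini"},
    # Second colon is followed by a letter: the filter suppresses the match.
    {"Image": r"C:\Windows\System32\regini.exe", "OriginalFileName": "REGINI.EXE",
     "CommandLine": r"regini.exe C:\Temp\notes.txt:settings.ini"},
    # Different binary: selection does not hit at all.
    {"Image": r"C:\Windows\System32\reg.exe", "OriginalFileName": "reg.exe",
     "CommandLine": r"reg.exe query HKLM\Software"},
]


def evaluate(events: list) -> list:
    """Return one boolean per event: True where the rule would fire."""
    return [matches_rule(e) for e in events]


if __name__ == "__main__":
    for event, hit in zip(SAMPLE_EVENTS, evaluate(SAMPLE_EVENTS)):
        print("ALERT" if hit else "-----", event["CommandLine"])
```

The third event is excluded by the filter, so command lines of that shape are not covered by this rule on its own.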