Techniques
Sample rules
Path To Screensaver Binary Modified
- source: sigma
- technicques:
- t1546
- t1546.002
Description
Detects value modification of registry key containing path to binary used as screensaver.
Detection logic
condition: selection and not filter
filter:
Image|endswith:
- \rundll32.exe
- \explorer.exe
selection:
TargetObject|endswith: \Control Panel\Desktop\SCRNSAVE.EXE