Techniques
Sample rules
New BgInfo.EXE Custom VBScript Registry Configuration
- source: sigma
- techniques:
  - t1112
Description
Detects setting of a new registry value related to BgInfo configuration, which can be abused to execute custom VBScript via “BgInfo.exe”
Detection logic
condition: selection
selection:
  Details|startswith: '4'
  EventType: SetValue
  TargetObject|contains: \Software\Winternals\BGInfo\UserFields\
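
The detection logic above, evaluated over constructed registry events. This is an added example, not part of the original rule or of the Sigma project's code. The event layout (an `id` label plus Sysmon-style fields) and all sample values are assumptions; string matching is case-insensitive, which is Sigma's default.

```python
# Added example: the rule's selection, transcribed from the detection logic above.
SELECTION = {
    "Details|startswith": "4",
    "EventType": "SetValue",
    "TargetObject|contains": "\\Software\\Winternals\\BGInfo\\UserFields\\",
}

def field_matches(event, key, expected):
    """Apply one 'Field|modifier: value' condition, case-insensitively."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:  # a field absent from the event never matches
        return False
    value, expected = str(value).lower(), expected.lower()
    if modifier == "startswith":
        return value.startswith(expected)
    if modifier == "contains":
        return expected in value
    if modifier == "":
        return value == expected
    raise ValueError(f"unsupported modifier: {modifier}")

def rule_matches(event):
    """condition: selection -> all field conditions must hold (logical AND)."""
    return all(field_matches(event, k, v) for k, v in SELECTION.items())

# Constructed sample events (hypothetical SID, value names and data).
KEY = "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Winternals\\BGInfo"
SAMPLE_EVENTS = [
    {"id": "hit", "EventType": "SetValue",
     "TargetObject": KEY + "\\UserFields\\Field1", "Details": "4C:\\Example\\field.vbs"},
    {"id": "other-prefix", "EventType": "SetValue",
     "TargetObject": KEY + "\\UserFields\\Field2", "Details": "1constructed"},
    {"id": "no-details", "EventType": "CreateKey",
     "TargetObject": KEY + "\\UserFields\\Field3"},
    {"id": "case-variant", "EventType": "SetValue",
     "TargetObject": (KEY + "\\UserFields\\Field4").lower(), "Details": "4constructed"},
    {"id": "other-key", "EventType": "SetValue",
     "TargetObject": KEY + "\\Other", "Details": "4constructed"},
]

def detect(events):
    """Return the ids of events the rule would alert on."""
    return [e["id"] for e in events if rule_matches(e)]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Only the two events that set a value under `UserFields\` with data beginning with `4` are returned; the key-creation event carries no `Details` field and is skipped.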