Techniques
Sample rules
New BgInfo.EXE Custom WMI Query Registry Configuration
- source: sigma
- techniques:
- t1112
Description
Detects the setting of a new registry value related to the BgInfo configuration, which can be abused to execute a custom WMI query via "BgInfo.exe"
Detection logic
selection:
    EventType: SetValue
    Details|startswith: '6'
    TargetObject|contains: \Software\Winternals\BGInfo\UserFields\
condition: selection
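To show how the selection above behaves on real telemetry, here is an added Python evaluator (not part of the original rule page or the Sigma project) that applies the three field checks, with Sigma's case-insensitive string matching, to a handful of constructed Sysmon registry events; the Details values are placeholders, since the page does not show how BgInfo encodes a field.

```python
# Added example, not the page's own code: a minimal evaluator for the Sigma
# selection above, run over constructed Sysmon registry events. Sigma string
# matching is case-insensitive, so both sides are lower-cased before comparing.

# Constructed events using the field names the rule refers to. The Details
# strings are placeholders; the page does not show BgInfo's real encoding.
SAMPLE_EVENTS = [
    {   # expected match: new UserFields value whose data starts with '6'
        "EventType": "SetValue",
        "TargetObject": r"HKU\S-1-5-21-1\Software\Winternals\BGInfo\UserFields\Field1",
        "Details": "6 SELECT Name FROM Win32_ComputerSystem",
    },
    {   # no match: same key, but Details does not start with '6'
        "EventType": "SetValue",
        "TargetObject": r"HKU\S-1-5-21-1\Software\Winternals\BGInfo\UserFields\Field2",
        "Details": "1 plain text",
    },
    {   # no match: value removed rather than set
        "EventType": "DeleteValue",
        "TargetObject": r"HKU\S-1-5-21-1\Software\Winternals\BGInfo\UserFields\Field1",
        "Details": "6 SELECT Name FROM Win32_ComputerSystem",
    },
    {   # expected match: case differs, Sigma matching ignores case
        "EventType": "setvalue",
        "TargetObject": r"hku\s-1-5-21-1\software\winternals\bginfo\userfields\Field3",
        "Details": "6 SELECT Caption FROM Win32_OperatingSystem",
    },
    {   # no match: BGInfo key, but not under UserFields
        "EventType": "SetValue",
        "TargetObject": r"HKU\S-1-5-21-1\Software\Winternals\BGInfo\Settings",
        "Details": "6 something",
    },
]

USERFIELDS_FRAGMENT = "\\software\\winternals\\bginfo\\userfields\\"

def matches_selection(event):
    # True when the event satisfies every field listed under 'selection'.
    event_type = str(event.get("EventType", "")).lower()
    details = str(event.get("Details", "")).lower()
    target = str(event.get("TargetObject", "")).lower()
    return (
        event_type == "setvalue"              # EventType: SetValue
        and details.startswith("6")           # Details|startswith: '6'
        and USERFIELDS_FRAGMENT in target     # TargetObject|contains: ...
    )

def evaluate(events):
    # 'condition: selection' means the selection alone decides; return hits.
    return [e["TargetObject"] for e in events if matches_selection(e)]
```

Only the first and fourth events match; the others fail on Details, EventType, or the key path respectively.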