← Back to Explore
T1037.001
Logon Script (Windows)
Adversaries may use Windows logon scripts automatically executed at logon initialization to establish persistence. Windows allows logon scripts to be run whenever a specific user or group of users log into a system.(Citation: TechNet Logon Scripts) This is done via adding a path to a script to the <code>HKCU\Environment\UserInitMprLogonScript</code> Registry key.(Citation: Hexacorn Logon Scripts) Adversaries may use these scripts to maintain persistence on a single system. Depending on the acce...
Windows
5
Detections
3
Sources
2
Threat Actors
BY SOURCE
3sigma1elastic1splunk_escu
PROCEDURES (2)
Registry Monitoring3 detections
Auto-extracted: 3 detections for registry monitoring
Process Creation Monitoring2 detections
Auto-extracted: 2 detections for process creation monitoring