← Back to Explore
T1137.002
Office Test
Adversaries may abuse the Microsoft Office "Office Test" Registry key to obtain persistence on a compromised system. An Office Test Registry location exists that allows a user to specify an arbitrary DLL that will be executed every time an Office application is started. This Registry key is thought to be used by Microsoft to load DLLs for testing and debugging purposes while developing Office applications. This Registry key is not created by default during an Office installation.(Citation: Hexac...
WindowsOffice Suite
3
Detections
2
Sources
1
Threat Actors
BY SOURCE
2sigma1elastic
PROCEDURES (2)
Registry2 detections
Auto-extracted: 2 detections for registry
Process Creation Monitoring1 detections
Auto-extracted: 1 detections for process creation monitoring