EXPLORE
Sign In
← Back to Explore
T1218.002

Control Panel

Adversaries may abuse control.exe to proxy execution of malicious payloads. The Windows Control Panel process binary (control.exe) handles execution of Control Panel items, which are utilities that allow users to view and adjust computer settings. Control Panel items are registered executable (.exe) or Control Panel (.cpl) files, the latter are actually renamed dynamic-link library (.dll) files that export a <code>CPlApplet</code> function.(Citation: Microsoft Implementing CPL)(Citation: TrendM...

Windows
5
Detections
3
Sources
0
Threat Actors

BY SOURCE

3elastic1sigma1splunk_escu

PROCEDURES (5)

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Process Creation Monitoring1 detections

Auto-extracted: 1 detections for process creation monitoring

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Network Connection Monitoring1 detections

Auto-extracted: 1 detections for network connection monitoring

DETECTIONS (5)

Control Loading from World Writable Directory
splunk_escu
Control Panel Items
sigmahigh
Control Panel Process with Unusual Arguments
elastichigh
Suspicious MS Office Child Process
elasticmedium
Unusual Network Activity from a Windows System Binary
elasticmedium