← Back to Explore
T1218.012
Verclsid
Adversaries may abuse verclsid.exe to proxy execution of malicious code. Verclsid.exe is known as the Extension CLSID Verification Host and is responsible for verifying each shell extension before they are used by Windows Explorer or the Windows Shell.(Citation: WinOSBite verclsid.exe) Adversaries may abuse verclsid.exe to execute malicious payloads. This may be achieved by running <code>verclsid.exe /S /C {CLSID}</code>, where the file is referenced by a Class ID (CLSID), a unique identificati...
Windows
1
Detections
1
Sources
0
Threat Actors
BY SOURCE
1splunk_escu
PROCEDURES (1)
General Monitoring1 detections
Auto-extracted: 1 detections for general monitoring