EXPLORE
Sign In
← Back to Explore
T1547.014

Active Setup

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Active Setup is a Windows mechanism that is used to execute programs when a user logs in. The value stored in the Registry key will be executed after a user logs into the computer.(Citation: Klein Active Setup 2010) These programs will be executed under the context of the user and will have the account's associated permissions level. Adversaries may abuse Active Setup by creating a key under <...

Windows
4
Detections
3
Sources
0
Threat Actors

BY SOURCE

2splunk_escu1elastic1sigma

PROCEDURES (3)

Persist2 detections

Auto-extracted: 2 detections for persist

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

Privilege1 detections

Auto-extracted: 1 detections for privilege

DETECTIONS (4)

Active Setup Registry Autostart
splunk_escu
Potential Suspicious Activity Using SeCEdit
sigmamedium
Uncommon Registry Persistence Change
elasticmedium
Windows Audit Policy Auditing Option Modified - Registry
splunk_escu