Setting Environment Variables Via Setx.EXE

Rule Info

Name
Setting Environment Variables Via Setx.EXE
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects execution of the "setx.exe" utility. This utility allows for the creation or modification of environment variables in the user or system environment, without requiring programming or scripting. The Setx command also retrieves the values of registry keys and writes them to text files.
Reference
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/setx
Date
2024-05-02 00:00:00
Modified
None
Id
d2f71374-87d7-45bd-ac36-e01c248fc71c
Tags
attack.defense_evasion
Type
Nextron Sigma feed only (private)

Rule History

THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022