MicrosoftLearning / SC-200T00A-Microsoft-Security-Operations-Analyst

MIT License

Learning Path 7 - Lab 1 - Exercise 6 - Conduct attacks #238

Closed manishrps closed 6 months ago

manishrps commented 6 months ago

Contact Details

manish.kumar@spektrasystems.com

What happened?

Exercise: 01, Task: 01, Step: 06

Description of issue:

While running the command below, the folder temp is getting created but startup.bat is not created. I tried multiple workarounds, but no luck. Could you please help here ASAP? Thanks.

    REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "SOC Test" /t REG_SZ /F /D "C:\temp\startup.bat"

Repro steps:

1. Copy and run this command to simulate program persistence:

    REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "SOC Test" /t REG_SZ /F /D "C:\temp\startup.bat"

@GraemeMalcolm @Secretmud @ejneuman

Lab

Lab 07 Exercise 05 Conduct attacks


djcmct commented 6 months ago

Hi Manish,

The REG ADD command isn't intended to create anything called startup.bat; it is used to create a registry key only. That key creation is what the subsequent analytic rule detects.
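To make the point above concrete, here is an added PowerShell example (not part of the lab or this repository) that runs the same simulation, then checks the artifact that actually changed (the Run value) instead of looking for a file on disk, and finally removes the value so the lab VM is not left with a live autorun entry. It assumes the value name "SOC Test" and the data C:\temp\startup.bat from the lab command, and a normal PowerShell session on the lab VM; the registry write and the Test-Path check are the only things it relies on.

```powershell
# Added example, not from the SC-200 lab content or the repository.
# Assumptions: value name and data match the lab's REG ADD command;
# run on the lab Windows VM in a PowerShell session.

$runKey    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'SOC Test'
$payload   = 'C:\temp\startup.bat'

# 1. Simulate persistence the same way the lab does. This writes one
#    REG_SZ value under the Run key. The path is just string data; nothing
#    is created on disk, and Windows would only try to launch it at next logon.
reg.exe add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v $valueName /t REG_SZ /f /d $payload | Out-Null

# 2. Verify the artifact the detection keys on: the registry value, not a file.
$props = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($null -ne $props -and $props.$valueName -eq $payload) {
    Write-Host "Run value '$valueName' is set, data = $($props.$valueName)"
} else {
    Write-Warning "Run value '$valueName' was not written; the simulation did not happen"
}

# 3. The file is expected NOT to exist. Its absence is not a failure of the lab.
if (-not (Test-Path -LiteralPath $payload)) {
    Write-Host "$payload does not exist (expected: REG ADD writes registry data only)"
}

# 4. Clean up once the analytic rule has fired, so the autorun entry does not
#    persist on the VM. Cleanup is a second registry change and may itself be logged.
Remove-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if (-not (Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue)) {
    Write-Host "Run value '$valueName' removed"
}
```

When the lab seems to "fail", the line to run is the Get-ItemProperty check: if the value is present with the expected data, the simulation worked and the detection has something to match on, regardless of whether C:\temp\startup.bat exists.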

manishrps commented 6 months ago

Got it Thanks.