T1012: Query Registry

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

The Registry contains a significant amount of information about the operating system, configuration, software, and security. Information can easily be queried using the Reg utility, though other means to access the Registry exist. Some of the information may help adversaries to further their operation within the network. Adversaries may use the information from query Registry during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Example

We can grab information about installed programs from the registry in this Demo we will use this command to check any installed office version

PreviousT1018: Remote System Discovery NextT1057: Process Discovery

Last updated 3 years ago