UAC bypasses from COMAutoApprovalList
Tags
attack-pattern | Data Model Server - T1583.004, Server - T1584.004, Software - T1592.002, Tool - T1588.002 |
Common Information
Type | Value |
---|---|
UUID | d646158e-da1f-4573-a379-5c5b56c73a1e |
Fingerprint | 838c99f3ce74f8c |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Nov. 2, 2020, 9:31 a.m. |
Added to db | Jan. 18, 2023, 10:29 p.m. |
Last updated | Nov. 17, 2024, 7:44 p.m. |
Headline | The Vault |
Title | UAC bypasses from COMAutoApprovalList |
Detected Hints/Tags/Attributes | 40/1/35 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 1 | | oleview.net |
Domain | 4127 | | github.com |
Domain | 9 | | kernelmode.info |
Domain | 64 | | go.microsoft.com |
Domain | 222 | | www.blackhat.com |
Domain | 281 | | docs.microsoft.com |
Domain | 41 | | www.freebuf.com |
File | 14 | | consent.exe |
File | 172 | | dllhost.exe |
File | 21 | | combase.dll |
File | 1122 | | svchost.exe |
File | 19 | | kernelmode.inf |
File | 3 | | c:\program files\internet explorer\ieinstal.exe |
File | 2 | | handlers.dll |
File | 185 | | shell32.dll |
File | 1 | | us-14-forshaw-digging-for_ie11-sandbox-escapes.pdf |
File | 1 | | 130288.html |
Github username | 6 | | tyranid |
Github username | 14 | | hfiref0x |
Github username | 2 | | azagarampur |
Url | 1 | | https://github.com/tyranid/oleviewdotnet |
Url | 1 | | https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/aa768010(v=vs.85 |
Url | 1 | | http://go.microsoft.com/fwlink/?linkid=534032 |
Url | 1 | | https://docs.microsoft.com/en-us/windows/win32/api/shobjidl_core/nn-shobjidl_core-iapplicationassociationregistration |
Url | 7 | | https://github.com/hfiref0x/uacme |
Url | 1 | | https://github.com/azagarampur/byeintegrity2-uac |
Url | 1 | | https://github.com/azagarampur/byeintegrity3-uac |
Url | 1 | | https://www.blackhat.com/docs/us-14/materials/us-14-forshaw-digging-for_ie11-sandbox-escapes.pdf |
Url | 1 | | https://docs.microsoft.com/en-us/windows/win32/com/ole-com-object-viewer |
Url | 1 | | https://www.freebuf.com/articles/system/130288.html |
Windows Registry Key | 21 | | HKEY_CLASSES_ROOT\CLSID |
Windows Registry Key | 16 | | HKLM\Software |
Windows Registry Key | 104 | | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows |
Windows Registry Key | 1 | | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice |
Windows Registry Key | 8 | | HKEY_CURRENT_USER\Software\Classes |