Tag
high
advisory
RegAsm Executed Without Command Line Arguments
2 rules 1 TTPThe execution of regasm.exe without command-line arguments is often indicative of process injection and potential code execution, which could lead to privilege escalation, persistence, or data compromise.
RegAsm
process-injection
defense-evasion
windows
2r
1t
medium
advisory
Regasm.exe Making External Network Connection
2 rules 2 TTPsThe detection of regasm.exe, a Microsoft-signed binary, establishing a network connection to a public IP address (excluding private ranges) may indicate command and control activity or attempts to bypass application control.
Microsoft .NET Framework
regasm
application-control-bypass
command-and-control
lolbin
2r
2t