Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
26 lines
664 B
YAML
26 lines
664 B
YAML
---
|
|
attack_technique: T1042
|
|
display_name: Change Default File Association
|
|
|
|
atomic_tests:
|
|
- name: Change Default File Association
|
|
description: |
|
|
Change Default File Association From cmd.exe
|
|
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
extension_to_change:
|
|
description: File Extension To Hijack
|
|
type: String
|
|
default: .wav
|
|
target_exenstion_handler:
|
|
description: Thing To Open
|
|
type: Path
|
|
default: C:\Program Files\Windows Media Player\wmplayer.exe
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
cmd.exe /c assoc #{extension_to_change}="#{target_exenstion_handler}"
|