Suspicious GUP Usage (0a4f6091-223b-41f6-8743-f322ec84930b)

Detects execution of the Notepad++ updater in a suspicious directory, which is often used in DLL side-loading attacks

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Suspicious GUP Usage (0a4f6091-223b-41f6-8743-f322ec84930b) | Sigma-Rules | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 2 |