Skip to content

Hide Navigation Hide TOC

Suspicious GUP Usage (0a4f6091-223b-41f6-8743-f322ec84930b)

Detects execution of the Notepad++ updater in a suspicious directory, which is often used in DLL side-loading attacks

Cluster A Galaxy A Cluster B Galaxy B Level
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Suspicious GUP Usage (0a4f6091-223b-41f6-8743-f322ec84930b) Sigma-Rules 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2