Potential DLL Sideloading Using Coregen.exe (0fa66f66-e3f6-4a9c-93f8-4f2610b00171)

Detect usage of the "coregen.exe" (Microsoft CoreCLR Native Image Generator) binary to sideload arbitrary DLLs.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Potential DLL Sideloading Using Coregen.exe (0fa66f66-e3f6-4a9c-93f8-4f2610b00171) | Sigma-Rules | 1 |
| Potential DLL Sideloading Using Coregen.exe (0fa66f66-e3f6-4a9c-93f8-4f2610b00171) | Sigma-Rules | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 1 |