Skip to content

Hide Navigation Hide TOC

Potential RjvPlatform.DLL Sideloading From Default Location (259dda31-b7a3-444f-b7d8-17f96e8a7d0d)

Detects loading of "RjvPlatform.dll" by the "SystemResetPlatform.exe" binary which can be abused as a method of DLL side loading since the "$SysReset" directory isn't created by default.

Cluster A Galaxy A Cluster B Galaxy B Level
Potential RjvPlatform.DLL Sideloading From Default Location (259dda31-b7a3-444f-b7d8-17f96e8a7d0d) Sigma-Rules DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 1
Potential RjvPlatform.DLL Sideloading From Default Location (259dda31-b7a3-444f-b7d8-17f96e8a7d0d) Sigma-Rules DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2