Skip to content

Hide Navigation Hide TOC

System Control Panel Item Loaded From Uncommon Location (2b140a5c-dc02-4bb8-b6b1-8bdb45714cde)

Detects image load events of system control panel items (.cpl) from uncommon or non-system locations that may indicate DLL sideloading or other abuse techniques.

Cluster A Galaxy A Cluster B Galaxy B Level
System Control Panel Item Loaded From Uncommon Location (2b140a5c-dc02-4bb8-b6b1-8bdb45714cde) Sigma-Rules DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2