ServiceDll Hijack (612e47e9-8a59-43a6-b404-f48683f45bd6)

Detects changes to the "ServiceDLL" value related to a service in the registry. This is often used as a method of persistence.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| ServiceDll Hijack (612e47e9-8a59-43a6-b404-f48683f45bd6) | Sigma-Rules | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 1 |
| Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) | Attack Pattern | Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) | Attack Pattern | 2 |