Skip to content

Hide Navigation Hide TOC

ManageEngine Endpoint Central Dctask64.EXE Potential Abuse (6345b048-8441-43a7-9bed-541133633d7a)

Detects the execution of "dctask64.exe", a signed binary by ZOHO Corporation part of ManageEngine Endpoint Central. This binary can be abused for DLL injection, arbitrary command and process execution.

Cluster A Galaxy A Cluster B Galaxy B Level
ManageEngine Endpoint Central Dctask64.EXE Potential Abuse (6345b048-8441-43a7-9bed-541133633d7a) Sigma-Rules Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 1
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Dynamic-link Library Injection - T1055.001 (f4599aa0-4f85-4a32-80ea-fc39dc965945) Attack Pattern 2