Skip to content

Hide Navigation Hide TOC

Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771)

Detects loading of specific system DLL files that are usually not present on the system (or at least not in system directories) but may be loaded by legitimate processes, potentially indicating phantom DLL hijacking attempts. Phantom DLL hijacking involves placing malicious DLLs with names of non-existent system binaries in locations where legitimate applications may search for them, leading to execution of the malicious DLLs.

Cluster A Galaxy A Cluster B Galaxy B Level
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771) Sigma-Rules 1
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2