Skip to content

Hide Navigation Hide TOC

Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771)

Detects DLL sideloading of system DLLs that are not present on the system by default (at least not in system directories). Usually this technique is used to achieve UAC bypass or privilege escalation.

Cluster A Galaxy A Cluster B Galaxy B Level
DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771) Sigma-Rules 1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2