Skip to content

Hide Navigation Hide TOC

Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771)

Detects DLL sideloading of system DLLs that are not present on the system by default (at least not in system directories). Usually this technique is used to achieve UAC bypass or privilege escalation.

Cluster A Galaxy A Cluster B Galaxy B Level
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771) Sigma-Rules 1
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Potential DLL Sideloading Of Non-Existent DLLs From System Folders (6b98b92b-4f00-4f62-b4fe-4d1920215771) Sigma-Rules 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2