Skip to content

Hide Navigation Hide TOC

DLL Loaded From Suspicious Location Via Cmspt.EXE (75e508f7-932d-4ebc-af77-269237a84ce1)

Detects cmstp loading "dll" or "ocx" files from suspicious locations

Cluster A Galaxy A Cluster B Galaxy B Level
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) Attack Pattern DLL Loaded From Suspicious Location Via Cmspt.EXE (75e508f7-932d-4ebc-af77-269237a84ce1) Sigma-Rules 1
CMSTP - T1218.003 (4cbc6a62-9e34-4f94-8a19-5c1a11392a49) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2