Skip to content

Hide Navigation Hide TOC

Renamed Vmnat.exe Execution (7b4f794b-590a-4ad4-ba18-7964a2832205)

Detects renamed vmnat.exe or portable version that can be used for DLL side-loading

Cluster A Galaxy A Cluster B Galaxy B Level
Renamed Vmnat.exe Execution (7b4f794b-590a-4ad4-ba18-7964a2832205) Sigma-Rules DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2