Skip to content

Hide Navigation Hide TOC

Fax Service DLL Search Order Hijack (828af599-4c53-4ed2-ba4a-a9f835c434ea)

The Fax service attempts to load ualapi.dll, which is non-existent. An attacker can then (side)load their own malicious DLL using this service.

Cluster A Galaxy A Cluster B Galaxy B Level
Fax Service DLL Search Order Hijack (828af599-4c53-4ed2-ba4a-a9f835c434ea) Sigma-Rules DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2