Skip to content

Hide Navigation Hide TOC

CobaltStrike Load by Rundll32 (ae9c6a7c-9521-42a6-915e-5aaa8689d529)

Rundll32 can be use by Cobalt Strike with StartW function to load DLLs from the command line.

Cluster A Galaxy A Cluster B Galaxy B Level
CobaltStrike Load by Rundll32 (ae9c6a7c-9521-42a6-915e-5aaa8689d529) Sigma-Rules Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 1
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 2