Skip to content

Hide Navigation Hide TOC

DLL Search Order Hijackig Via Additional Space in Path (b6f91281-20aa-446a-b986-38a92813a18f)

Detects when an attacker create a similar folder structure to windows system folders such as (Windows, Program Files...) but with a space in order to trick DLL load search order and perform a "DLL Search Order Hijacking" attack

Cluster A Galaxy A Cluster B Galaxy B Level
DLL Search Order Hijackig Via Additional Space in Path (b6f91281-20aa-446a-b986-38a92813a18f) Sigma-Rules DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2