DLL Search Order Hijacking Via Additional Space in Path (b6f91281-20aa-446a-b986-38a92813a18f)

Detects when an attacker creates a folder structure similar to Windows system folders (such as Windows, Program Files...) but with an added space, in order to trick the DLL load search order and perform a "DLL Search Order Hijacking" attack.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) | Attack Pattern | DLL Search Order Hijacking Via Additional Space in Path (b6f91281-20aa-446a-b986-38a92813a18f) | Sigma-Rules | 1 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |