Potentially Suspicious DLL Registered Via Odbcconf.EXE (ba4cfc11-d0fa-4d94-bf20-7c332c412e76)

Detects execution of "odbcconf" with the "REGSVR" action where the DLL in question doesn't contain a ".dll" extension, which is often used as a method to evade defenses.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) | Attack Pattern | Potentially Suspicious DLL Registered Via Odbcconf.EXE (ba4cfc11-d0fa-4d94-bf20-7c332c412e76) | Sigma-Rules | 1 |
| Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |