Suspicious Driver/DLL Installation Via Odbcconf.EXE (cb0fe7c5-f3a3-484d-aa25-d350a7912729)

Detects execution of "odbcconf" with the "INSTALLDRIVER" action where the driver doesn't contain a ".dll" extension. This is often used as a defense evasion method.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Suspicious Driver/DLL Installation Via Odbcconf.EXE (cb0fe7c5-f3a3-484d-aa25-d350a7912729) | Sigma-Rules | Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) | Attack Pattern | 1 |
| Odbcconf - T1218.008 (6e3bd510-6b33-41a4-af80-2d80f3ee0071) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |