
Potential Vcruntime140 DLL Sideloading (d7a63acb-1284-49bc-bfea-7771146c8b1c)

Detects potential DLL sideloading of vcruntime140.dll, a common C++ runtime library. Threat actors have been observed using DLL sideloading to load malicious payloads under the guise of legitimate, signed applications such as SqlWriter and SqlDumper. Notably, APT29 has been documented delivering WINELOADER as a malicious vcruntime140.dll sideloaded by a legitimate executable. Because many applications legitimately ship this DLL in their own install directories, the loads of interest are copies resolved from outside the standard system and Program Files locations, especially an unsigned vcruntime140.dll sitting in the same directory as the signed executable that loads it.
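The following is an added example, not the Sigma rule's own logic or any code from the rule's authors: a small Python detector that applies the idea above to constructed Sysmon Event ID 7 (Image loaded) records. The trusted-directory allowlist, the accepted signer name and the `Key: value | Key: value` line format are all assumptions made for the example; the log lines are constructed, not real telemetry.

```python
"""Toy vcruntime140.dll sideloading detector over constructed Sysmon Event ID 7 lines.

Added example; the allowlist and signer name below are assumptions, not the
Sigma rule's own filters. Tune them to the hosts you monitor.
"""
import ntpath
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed allowlist: directories a legitimate vcruntime140.dll is normally loaded from.
TRUSTED_DIRS = (
    r"c:\windows\system32" + "\\",
    r"c:\windows\syswow64" + "\\",
    r"c:\windows\winsxs" + "\\",
    r"c:\program files" + "\\",
    r"c:\program files (x86)" + "\\",
)
# The genuine runtime is Authenticode-signed by this subject (assumed exact match).
VALID_SIGNERS = ("microsoft corporation",)


@dataclass
class ImageLoad:
    image: str                 # process that mapped the DLL
    image_loaded: str          # full path of the mapped DLL
    signature: Optional[str]   # signer subject, None when Sysmon did not report one
    signature_status: str      # e.g. "Valid" or "Unavailable"


def parse_event(line: str) -> ImageLoad:
    """Parse one constructed 'Key: value | Key: value' Sysmon image-load line."""
    fields: Dict[str, str] = {}
    for part in line.split(" | "):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return ImageLoad(
        image=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signature=fields.get("Signature") or None,
        signature_status=fields.get("SignatureStatus", "Unavailable"),
    )


def classify(ev: ImageLoad) -> Optional[str]:
    """Return a reason string when the load looks like vcruntime140.dll sideloading, else None."""
    dll = ev.image_loaded.lower()
    if ntpath.basename(dll) != "vcruntime140.dll":
        return None
    if dll.startswith(TRUSTED_DIRS):
        return None  # loaded from a location where the real runtime lives
    signer = (ev.signature or "").lower()
    if ev.signature_status.lower() == "valid" and signer in VALID_SIGNERS:
        # A validly Microsoft-signed copy outside the allowlist is most likely a
        # redistributable bundled with a portable app; do not page on it.
        return None
    reasons = [f"vcruntime140.dll loaded from untrusted dir {ntpath.dirname(ev.image_loaded)}"]
    # Classic sideload: the DLL is dropped beside a (often relocated) signed EXE so the
    # application-directory entry of the loader search order resolves it first.
    if ntpath.dirname(dll) == ntpath.dirname(ev.image.lower()):
        reasons.append("DLL is colocated with the loading executable")
    reasons.append(f"signature status {ev.signature_status}, signer {ev.signature or 'n/a'}")
    return "; ".join(reasons)


def detect(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Run classify() over raw lines and return (image, dll, reason) alerts."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            alerts.append((ev.image, ev.image_loaded, reason))
    return alerts


# Constructed Sysmon Event ID 7 records for the example; not real telemetry.
SAMPLE_EVENTS = [
    # Benign: SqlWriter loading the runtime from System32.
    r"EventID: 7 | Image: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe | "
    r"ImageLoaded: C:\Windows\System32\vcruntime140.dll | Signature: Microsoft Corporation | SignatureStatus: Valid",
    # Suspicious: relocated SqlDumper loading an unsigned DLL from its own temp directory.
    r"EventID: 7 | Image: C:\Users\victim\AppData\Local\Temp\SqlDumper.exe | "
    r"ImageLoaded: C:\Users\victim\AppData\Local\Temp\vcruntime140.dll | SignatureStatus: Unavailable",
    # Benign: vendor app shipping the runtime in its Program Files install directory.
    r"EventID: 7 | Image: C:\Program Files\Vendor\app.exe | "
    r"ImageLoaded: C:\Program Files\Vendor\vcruntime140.dll | Signature: Microsoft Corporation | SignatureStatus: Valid",
    # Benign edge case: portable tool with a validly Microsoft-signed redist copy.
    r"EventID: 7 | Image: C:\Users\victim\Downloads\portable\tool.exe | "
    r"ImageLoaded: C:\Users\victim\Downloads\portable\vcruntime140.dll | Signature: Microsoft Corporation | SignatureStatus: Valid",
    # Out of scope: a different DLL name is not this rule's concern.
    r"EventID: 7 | Image: C:\Users\victim\AppData\Local\Temp\SqlDumper.exe | "
    r"ImageLoaded: C:\Users\victim\AppData\Local\Temp\other.dll | SignatureStatus: Unavailable",
]

if __name__ == "__main__":
    for image, dll, why in detect(SAMPLE_EVENTS):
        print(f"ALERT {image} -> {dll}: {why}")
```

Only the second record fires. The signer check is the part worth thinking about in a real deployment: Sysmon only populates `Signature` and `SignatureStatus` for image loads when signature verification is enabled in its configuration, so an empty field should be treated as unknown and alerted on, as the example does, rather than silently accepted.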

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Potential Vcruntime140 DLL Sideloading (d7a63acb-1284-49bc-bfea-7771146c8b1c) | Sigma-Rules | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 1 |
| Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | 2 |