Skip to content

Hide Navigation Hide TOC

Creation Of Non-Existent System DLL (df6ecb8b-7822-4f4b-b412-08f524b4576c)

Detects the creation of system DLLs that are usually not present on the system (or at least not in system directories). Usually this technique is used to achieve DLL hijacking.

Cluster A Galaxy A Cluster B Galaxy B Level
Creation Of Non-Existent System DLL (df6ecb8b-7822-4f4b-b412-08f524b4576c) Sigma-Rules DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern 1
Creation Of Non-Existent System DLL (df6ecb8b-7822-4f4b-b412-08f524b4576c) Sigma-Rules DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 1
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern 2