Skip to content

Hide Navigation Hide TOC

Potentially Suspicious Rundll32 Activity (e593cf51-88db-4ee1-b920-37e89012a3c9)

Detects suspicious execution of rundll32, with specific calls to some DLLs with known LOLBIN functionalities

Cluster A Galaxy A Cluster B Galaxy B Level
Potentially Suspicious Rundll32 Activity (e593cf51-88db-4ee1-b920-37e89012a3c9) Sigma-Rules Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern 1
Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) Attack Pattern System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) Attack Pattern 2