Dllhost.EXE Execution Anomaly (e7888eb1-13b0-4616-bd99-4bc0c2b054b9)
Detects a "dllhost" process spawning with no command-line arguments, which is very rare and could indicate process injection activity or malware mimicking similar system processes.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | Dllhost.EXE Execution Anomaly (e7888eb1-13b0-4616-bd99-4bc0c2b054b9) | Sigma-Rules | 1 |