Execution DLL of Choice Using WAB.EXE (fc014922-5def-4da9-a0fc-28c973f41bfb)
This rule detects that the path to the DLL written in the registry is different from the default one. Launched WAB.exe tries to load the DLL from Registry.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | Execution DLL of Choice Using WAB.EXE (fc014922-5def-4da9-a0fc-28c973f41bfb) | Sigma-Rules | 1 |