Skip to content

Hide Navigation Hide TOC

Comsvcs (0448178d-fff1-4174-8339-e6bfca78fb84)

This object contains information sourced from the Living Off The Land Binaries, Scripts and Libraries (LOLBAS) project, which is licensed under GNU General Public License v3.0.

Description: COM+ Services

Author: LOLBAS Team

Paths: * c:\windows\system32\comsvcs.dll

Resources: * https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/

Detection: * Sigma: proc_creation_win_rundll32_process_dump_via_comsvcs.yml * Sigma: proc_access_win_lsass_dump_comsvcs_dll.yml * Elastic: credential_access_cmdline_dump_tool.toml * Splunk: dump_lsass_via_comsvcs_dll.yml[Comsvcs.dll - LOLBAS Project]

Cluster A Galaxy A Cluster B Galaxy B Level
Magic Hound (7a9d653c-8812-4b96-81d1-b0a27ca918b4) Tidal Groups Comsvcs (0448178d-fff1-4174-8339-e6bfca78fb84) Tidal Software 1
Comsvcs (0448178d-fff1-4174-8339-e6bfca78fb84) Tidal Software Volt Typhoon (4ea1245f-3f35-5168-bd10-1fc49142fd4e) Tidal Groups 1