New DLL Added to AppInit_DLLs Registry Key (4f84b697-c9ed-4420-8ab5-e09af5b2345d)

DLLs that are specified in the AppInit_DLLs value in the Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll into every process that loads user32.dll.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) | Attack Pattern | New DLL Added to AppInit_DLLs Registry Key (4f84b697-c9ed-4420-8ab5-e09af5b2345d) | Sigma-Rules | 1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | AppInit DLLs - T1546.010 (cc89ecbd-3d33-4a41-bcca-001e702d18fd) | Attack Pattern | 2 |