Potential PowerShell Execution Via DLL (6812a10b-60ea-420c-832f-dfcc33b646ba)

Detects potential PowerShell execution from a DLL instead of the usual PowerShell process, as seen in PowerShdll. This detection assumes that PowerShell commands are passed via the CommandLine.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | Potential PowerShell Execution Via DLL (6812a10b-60ea-420c-832f-dfcc33b646ba) | Sigma-Rules | 1 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |