New DLL Added to AppCertDlls Registry Key (6aa1d992-5925-4e9f-a49b-845e51d1de01)

Dynamic-link libraries (DLLs) that are specified in the AppCertDLLs value in the Registry key can be abused to obtain persistence and privilege escalation by causing a malicious DLL to be loaded and run in the context of separate processes on the computer.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| New DLL Added to AppCertDlls Registry Key (6aa1d992-5925-4e9f-a49b-845e51d1de01) | Sigma-Rules | AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) | Attack Pattern | 1 |
| Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | AppCert DLLs - T1546.009 (7d57b371-10c2-45e5-b3cc-83a8fb380e4c) | Attack Pattern | 2 |