CredUI.DLL Loaded By Uncommon Process (9ae01559-cf7e-4f8e-8e14-4c290a1b4784)

Detects loading of "credui.dll" and related DLLs by an uncommon process. Attackers might load this DLL in order to call "CredUIPromptForCredentials" or "CredUnPackAuthenticationBufferW".

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) | Attack Pattern | CredUI.DLL Loaded By Uncommon Process (9ae01559-cf7e-4f8e-8e14-4c290a1b4784) | Sigma-Rules | 1 |
| Input Capture - T1056 (bb5a00de-e086-4859-a231-fa793f6797e2) | Attack Pattern | GUI Input Capture - T1056.002 (a2029942-0a85-4947-b23c-ca434698171d) | Attack Pattern | 2 |