Rundll32 Execution With Uncommon DLL Extension (c3a99af4-35a9-4668-879e-c09aeb4f2bdf)

Detects the execution of rundll32 with a command line that doesn't contain a common extension.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | Rundll32 Execution With Uncommon DLL Extension (c3a99af4-35a9-4668-879e-c09aeb4f2bdf) | Sigma-Rules | 1 |
| Rundll32 - T1218.011 (045d0922-2310-4e60-b5e4-3302302cb3c5) | Attack Pattern | System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4) | Attack Pattern | 2 |