Skip to content

Hide Navigation Hide TOC

Potential Initial Access via DLL Search Order Hijacking (dbbd9f66-2ed3-4ca2-98a4-6ea985dd1a1c)

Detects attempts to create a DLL file to a known desktop application dependencies folder such as Slack, Teams or OneDrive and by an unusual process. This may indicate an attempt to load a malicious module via DLL search order hijacking.

Cluster A Galaxy A Cluster B Galaxy B Level
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Potential Initial Access via DLL Search Order Hijacking (dbbd9f66-2ed3-4ca2-98a4-6ea985dd1a1c) Sigma-Rules 1
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Potential Initial Access via DLL Search Order Hijacking (dbbd9f66-2ed3-4ca2-98a4-6ea985dd1a1c) Sigma-Rules 1
Potential Initial Access via DLL Search Order Hijacking (dbbd9f66-2ed3-4ca2-98a4-6ea985dd1a1c) Sigma-Rules Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 1
Potential Initial Access via DLL Search Order Hijacking (dbbd9f66-2ed3-4ca2-98a4-6ea985dd1a1c) Sigma-Rules Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern 2
DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 2