New Netsh Helper DLL Registered From A Suspicious Location (e7b18879-676e-4a0e-ae18-27039185a8e7)

Detects changes to the Netsh registry key that add a new DLL value located in a suspicious location. This change might indicate a persistence attempt that adds a malicious Netsh helper.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) | Attack Pattern | New Netsh Helper DLL Registered From A Suspicious Location (e7b18879-676e-4a0e-ae18-27039185a8e7) | Sigma-Rules | 1 |
| Netsh Helper DLL - T1546.007 (f63fe421-b1d1-45c0-b8a7-02cd16ff2bed) | Attack Pattern | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 2 |