Synopsis
Activation Period | 14 Days |
Training Period | 30 Days |
Test Period | N/A (single event) |
Deduplication Period | 1 Day |
Required Data | |
Detection Modules | |
Detector Tags | DLL Hijacking Analytics |
ATT&CK Tactic | |
ATT&CK Technique | |
Severity | Medium |
Description
An attacker might leverage modules that existing processes try to load but that are missing, in order to load malicious code into trusted processes.
Attacker's Goals
An attacker is attempting to load untrusted code into trusted contexts to avoid detection, persist, or escalate privileges.
Investigative actions
Investigate the loaded module and verify if it is malicious.
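
One way to express the behavior in the description as detection logic, as an added example that is not the product's own detector: it flags a module that loads successfully after the same process had been failing to find it, using the training and deduplication periods from the synopsis. The event schema and the host, process, and module names are constructed for illustration.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any OS

TRAINING = timedelta(days=30)  # "Training Period" in the synopsis
DEDUP = timedelta(days=1)      # "Deduplication Period" in the synopsis

# Constructed events in a hypothetical schema:
# (time, host, process, module path, result, signed)
EVENTS = [
    ("2024-03-01T09:00", "ws01", "updater.exe", r"C:\Program Files\App\helper.dll", "not_found", None),
    ("2024-03-02T08:00", "ws02", "updater.exe", r"C:\Program Files\App\core.dll", "loaded", True),
    ("2024-03-10T09:00", "ws01", "updater.exe", r"C:\Program Files\App\helper.dll", "not_found", None),
    ("2024-03-20T14:05", "ws01", "updater.exe", r"C:\Program Files\App\helper.dll", "loaded", False),
    ("2024-03-20T16:00", "ws01", "updater.exe", r"C:\Program Files\App\helper.dll", "not_found", None),
    ("2024-03-20T18:30", "ws01", "updater.exe", r"C:\Program Files\App\helper.dll", "loaded", False),
    ("2024-03-21T08:00", "ws02", "updater.exe", r"C:\Program Files\App\core.dll", "loaded", True),
]

def find_previously_missing_loads(events):
    """Alert when a module loads after the same process kept failing to find it."""
    last_missing, last_loaded, last_alert, alerts = {}, {}, {}, []
    for ts, host, proc, path, result, signed in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        key = (host, proc.lower(), basename(path).lower())
        if result == "not_found":
            last_missing[key] = when
            continue
        missing, loaded = last_missing.get(key), last_loaded.get(key)
        last_loaded[key] = when
        # Baseline: the load was missing within the training window ...
        if missing is None or when - missing > TRAINING:
            continue
        # ... and has not succeeded since it was last seen missing.
        if loaded is not None and loaded > missing:
            continue
        # One alert per host/process/module per deduplication period.
        if key in last_alert and when - last_alert[key] < DEDUP:
            continue
        last_alert[key] = when
        # The signature state is kept as triage context for the analyst.
        alerts.append({"time": ts, "host": host, "process": proc,
                       "module": path, "signed": signed})
    return alerts

if __name__ == "__main__":
    for alert in find_previously_missing_loads(EVENTS):
        print(alert)
```

The `signed` field is carried into the alert so the analyst can start the investigative action with the module's signature state and full path.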