Potential DLL Sideloading Using Coregen.exe

Rule Info

Name
Potential DLL Sideloading Using Coregen.exe
Author
frack113
Description
Detect usage of the "coregen.exe" (Microsoft CoreCLR Native Image Generator) binary to sideload arbitrary DLLs.
Reference
https://lolbas-project.github.io/lolbas/OtherMSBinaries/Coregen/
Date
2022-12-31 00:00:00
Modified
None
Id
0fa66f66-e3f6-4a9c-93f8-4f2610b00171
Tags
attack.defense-evasion attack.t1218 attack.t1055
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=0fa66f66-e3f6-4a9c-93f8-4f2610b00171

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4937 from @nasbench - Multiple updates and fixes
2024-08-29
4cd51a3dd
Nasreddine Bencherchali
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12
598d29f81
github-actions[bot]
Merge PR #4533 from @nasbench - Promote `experimental` rules
2023-11-02
a6e7cce60
Nasreddine Bencherchali
chore: increase level of some sideloading rules
2023-03-15
83bcab5fd
Nasreddine Bencherchali
feat: updates and enhancements
2023-02-08
071763467
frack113
Last lolbin (#3845)
2022-12-31
0aad49842
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022