Rule Info
Name
Suspicious Rundll32 Execution With Image Extension
Author
Hieu Tran
Description
Detects the execution of Rundll32.exe with DLL files masquerading as image files
Reference
Date
2023-03-13 00:00:00
Modified
None
Id
4aa6040b-3f28-44e3-a769-9208e5feb5ec
Tags
attack.defense_evasion attack.t1218.011 DEMO
Type
Community Rule
Link to Public Repo