VMMap Signed Dbghelp.DLL Potential Sideloading

Rule Info

Name
VMMap Signed Dbghelp.DLL Potential Sideloading
Author
Nasreddine Bencherchali (Nextron Systems)
Description
Detects potential DLL sideloading of a signed dbghelp.dll by the Sysinternals VMMap.
Reference
https://techcommunity.microsoft.com/t5/sysinternals-blog/zoomit-v7-1-procdump-2-0-for-linux-process-explorer-v17-05/ba-p/3884766
Date
2023-09-05 00:00:00
Modified
None
Id
98ffaed4-aec2-4e04-9b07-31492fe68b3d
Tags
attack.defense_evasion attack.persistence attack.privilege_escalation attack.t1574.001 attack.t1574.002 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=98ffaed4-aec2-4e04-9b07-31492fe68b3d

Rule History

Author
Title
Date
Commit
Nasreddine Bencherchali
Merge PR #4406 from @nasbench - Multiple Updates & Additions
2023-09-07
bdffe3a7f
Nasreddine Bencherchali
feat: more updates
2023-07-28
8dca7aa1b
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022