Rule Info

Name: Uncommon File System Load Attempt By Format.com - ImageLoad
Author: Nasreddine Bencherchali (Nextron Systems)
Description: Detects the load of uncommon file system DLLs by the "format.com" utility. An attacker can point "format.com" to load any DLL using the "/FS" flag.
Date: 2024-05-13 00:00:00
Modified: None
Id: efbbe8d9-f6ad-4e0b-9381-ee7c9ea72d06
Tags: attack.defense-evasion
Type: Nextron Sigma feed only (private)