EXPLORE
Sign In
← Back to Explore
T1055.001

Dynamic-link Library Injection

Adversaries may inject dynamic-link libraries (DLLs) into processes in order to evade process-based defenses as well as possibly elevate privileges. DLL injection is a method of executing arbitrary code in the address space of a separate live process. DLL injection is commonly performed by writing the path to a DLL in the virtual address space of the target process before loading the DLL by invoking a new thread. The write can be performed with native Windows API calls such as <code>VirtualAl...

Windows
11
Detections
3
Sources
9
Threat Actors

BY SOURCE

6sigma3splunk_escu2elastic

PROCEDURES (7)

Inject5 detections

Auto-extracted: 5 detections for inject

Api1 detections

Auto-extracted: 1 detections for api

Persist1 detections

Auto-extracted: 1 detections for persist

Powershell1 detections

Auto-extracted: 1 detections for powershell

Remote1 detections

Auto-extracted: 1 detections for remote

Persist1 detections

Auto-extracted: 1 detections for persist

Remote1 detections

Auto-extracted: 1 detections for remote

THREAT ACTORS (9)

BackdoorDiplomacyLazarus GroupLeviathanMalteiroPutter PandaTA505Tropic TrooperTurlaWizard Spider

DETECTIONS (11)

HackTool - Potential CobaltStrike Process Injection
sigmahigh
Loading Of Dynwrapx Module
splunk_escu
ManageEngine Endpoint Central Dctask64.EXE Potential Abuse
sigmahigh
Mavinject Inject DLL Into Running Process
sigmahigh
Potential DLL Injection Or Execution Using Tracker.exe
sigmamedium
Potential Process Injection via PowerShell
elastichigh
Renamed Mavinject.EXE Execution
sigmahigh
Renamed ZOHO Dctask64 Execution
sigmahigh
Suspicious .NET Reflection via PowerShell
elasticmedium
Windows Process Injection Of Wermgr to Known Browser
splunk_escu
Windows Rasautou DLL Execution
splunk_escu