EXPLORE
Sign In
← Back to Explore
T1546.007

Netsh Helper DLL

Adversaries may establish persistence by executing malicious content triggered by Netsh Helper DLLs. Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system. It contains functionality to add helper DLLs for extending functionality of the utility.(Citation: TechNet Netsh) The paths to registered netsh.exe helper DLLs are entered into the Windows Registry at <code>HKLM\SOFTWARE\Microsoft\Netsh</code>. Adversaries can...

Windows
5
Detections
2
Sources
0
Threat Actors

BY SOURCE

4sigma1elastic

PROCEDURES (4)

Registry2 detections

Auto-extracted: 2 detections for registry

Registry Monitoring1 detections

Auto-extracted: 1 detections for registry monitoring

Persist1 detections

Auto-extracted: 1 detections for persist

Suspicious1 detections

Auto-extracted: 1 detections for suspicious

DETECTIONS (5)

Netsh Helper DLL
elasticlow
New Netsh Helper DLL Registered From A Suspicious Location
sigmahigh
Potential Persistence Via Netsh Helper DLL
sigmamedium
Potential Persistence Via Netsh Helper DLL - Registry
sigmamedium
Potential Suspicious Activity Using SeCEdit
sigmamedium