LetsDefend Monitoring Alert

Possible DLL Sideloading Detected

Apr, 01, 2024, 10:02 AM

Event ID: 245

Event Time: Apr, 01, 2024, 10:02 AM

Rule Name: SOC247 - Possible DLL Sideloading Detected

Alert Type: Persistence

MITRE Technique:
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1204.002 - Execution - User Execution: Malicious File,
T1566.001 - Initial Access - Phishing: Spearphishing Attachment,
T1571 - Command and Control - Non-Standard Port,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1574.002 - Privilege Escalation - Hijack Execution Flow: DLL Side-Loading,
T1562.004 - Defense Evasion - Impair Defenses: Disable or Modify System Firewall,
T1547.001 - Persistence - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Severity: Medium

Incident Responder

2025 © LetsDefend
