Potential DLL Sideloading Activity Via ExtExport.EXE

    Date: 09/02/2024

    Severity: Medium

    Summary

ExtExport.exe is a legitimate Internet Explorer utility shipped by Microsoft under C:\Program Files\Internet Explorer\. It appears on the LOLBAS project list because, when given a directory as its first argument, it loads mozcrt19.dll, mozsqlite3.dll or sqlite3.dll from that directory. An attacker who drops a DLL with one of those names into a folder they control and launches ExtExport.exe against it therefore gets arbitrary code running inside a signed, Microsoft-shipped process: classic DLL sideloading, which slips past controls that only allow-list the parent executable. Because ExtExport.exe has no routine use on a modern endpoint, process creations for it are rare, and each one is worth a look. The queries below key on Sysmon Event ID 1 (process creation) and EDR process telemetry, matching on the image path together with the PE OriginalFileName. Note that the referenced Sigma rule matches on either field; requiring both, as the queries below do, will not fire on a copy of the binary that has been renamed, so relax the conjunction to an OR where your telemetry reliably populates OriginalFileName.

    Indicators of Compromise (IOC) List

    Image

    '\Extexport.exe'

    OriginalFileName

    'extexport.exe'

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1

    ((Resourcename in ("Sysmon") AND eventtype = "1") AND image = "\Extexport.exe") AND originalfilename = "extexport.exe"

    Detection Query 2

    ((Technologygroup = "EDR" ) AND image = "\Extexport.exe") AND originalfilename = "extexport.exe"
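The following Python is an added example, not Gurucul's or SigmaHQ's own code. It runs the detection logic described in the summary and in the two queries above over a handful of constructed Sysmon Event ID 1 records, side by side with the Sigma rule's OR form, and pulls out the directory ExtExport.exe would sideload from (its first argument, per LOLBAS). The sample events, the command-line tokenizer and the triage output format are assumptions made for illustration.

```python
import re

# DLL names ExtExport.exe loads from the directory given as its first argument (LOLBAS).
SIDELOAD_DLLS = ("mozcrt19.dll", "mozsqlite3.dll", "sqlite3.dll")

# Constructed Sysmon records reduced to the fields the rule uses. Not real telemetry.
SAMPLE_EVENTS = [
    # Genuine binary invoked against a user-writable staging directory.
    {"EventID": 1,
     "Image": r"C:\Program Files\Internet Explorer\ExtExport.exe",
     "OriginalFileName": "extexport.exe",
     "CommandLine": r'"C:\Program Files\Internet Explorer\ExtExport.exe" C:\Users\Public\stage a b'},
    # Renamed copy: Image no longer ends with \Extexport.exe, but the PE
    # version resource still reports the original file name.
    {"EventID": 1,
     "Image": r"C:\Users\bob\AppData\Local\Temp\svc.exe",
     "OriginalFileName": "extexport.exe",
     "CommandLine": r"svc.exe C:\Users\bob\AppData\Local\Temp x y"},
    # Benign noise.
    {"EventID": 1,
     "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe"},
    # Same binary, but a network-connection event (EID 3), not process creation.
    {"EventID": 3,
     "Image": r"C:\Program Files\Internet Explorer\ExtExport.exe",
     "OriginalFileName": "extexport.exe",
     "CommandLine": ""},
]


def _norm(value):
    """Case-fold a field; Windows paths and PE names are case-insensitive."""
    return (value or "").lower()


def matches_sigma_rule(ev):
    """Sigma semantics: EID 1 AND (Image endswith '\\Extexport.exe' OR OriginalFileName = 'extexport.exe')."""
    if ev.get("EventID") != 1:
        return False
    return (_norm(ev.get("Image")).endswith("\\extexport.exe")
            or _norm(ev.get("OriginalFileName")) == "extexport.exe")


def matches_conjunctive_query(ev):
    """The page's query form: both the image path and OriginalFileName must match."""
    if ev.get("EventID") != 1:
        return False
    return (_norm(ev.get("Image")).endswith("\\extexport.exe")
            and _norm(ev.get("OriginalFileName")) == "extexport.exe")


# Minimal Windows-style tokenizer: honours double-quoted arguments only (assumption).
_ARG_RE = re.compile(r'"([^"]*)"|(\S+)')


def split_command_line(cmdline):
    return [quoted or bare for quoted, bare in _ARG_RE.findall(cmdline or "")]


def sideload_directory(ev):
    """Directory ExtExport.exe will search for the DLLs above: its first argument, or None."""
    args = split_command_line(ev.get("CommandLine"))
    return args[1] if len(args) > 1 else None


def triage(events):
    """Apply the Sigma-form rule and enrich each hit with what an analyst checks first."""
    hits = []
    for ev in events:
        if not matches_sigma_rule(ev):
            continue
        hits.append({
            "image": ev["Image"],
            # True when only OriginalFileName matched: the binary was copied and renamed.
            "renamed": not _norm(ev["Image"]).endswith("\\extexport.exe"),
            "sideload_dir": sideload_directory(ev),
            "look_for": SIDELOAD_DLLS,
        })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
    print("conjunctive query hits:",
          [matches_conjunctive_query(e) for e in SAMPLE_EVENTS])
```

Running it shows the difference the summary warns about: the Sigma-form rule surfaces both the genuine binary and the renamed copy, while the conjunctive query only fires on the first. The sideload_dir field tells the responder which directory to pull mozcrt19.dll, mozsqlite3.dll or sqlite3.dll from for analysis.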

    Reference:

    https://github.com/SigmaHQ/sigma/blob/master/rules-threat-hunting/windows/process_creation/proc_creation_win_extexport_execution.yml


    Tags

    SigmaExploit
