AppLocker Bypass – Rundll32
Tags
| attack-pattern: | Javascript - T1059.007 Powershell - T1059.001 Python - T1059.006 Rundll32 - T1218.011 Software - T1592.002 Powershell - T1086 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 2081922a-e989-479c-9d32-477f957ed25b |
| Fingerprint | fc291b876127f5cd |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | May 23, 2017, 9:46 a.m. |
| Added to db | Jan. 18, 2023, 10:08 p.m. |
| Last updated | Nov. 18, 2024, 1:25 p.m. |
| Headline | AppLocker Bypass – Rundll32 |
| Title | AppLocker Bypass – Rundll32 |
| Detected Hints/Tags/Attributes | 20/1/18 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://pentestlab.blog/2017/05/23/applocker-bypass-rundll32/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 74 | blog.didierstevens.com |
|
| Details | Domain | 4 | didierstevens.com |
|
| Details | Domain | 1 | www.didierstevens.com |
|
| Details | File | 1021 | rundll32.exe |
|
| Details | File | 2 | pentestlab.dll |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 1 | c:\users\pentestlab.dll |
|
| Details | File | 6 | cmd.dll |
|
| Details | File | 1 | c:\cmd.dll |
|
| Details | File | 1 | regedit.dll |
|
| Details | File | 1 | c:\regedit.dll |
|
| Details | File | 2 | cmd-dll_v0_0_4.zip |
|
| Details | File | 1 | regedit-dll_v0_0_1.zip |
|
| Details | IPv4 | 5 | 192.168.100.3 |
|
| Details | Url | 1 | https://blog.didierstevens.com/?s=cmd |
|
| Details | Url | 2 | http://didierstevens.com/files/software/cmd-dll_v0_0_4.zip |
|
| Details | Url | 1 | http://www.didierstevens.com/files/software/regedit-dll_v0_0_1.zip |