printui.exe lolbas Request

This commit is contained in:
root 2025-01-12 02:45:15 +03:00
parent c2de388e9d
commit d6579a02a6


@ -4,7 +4,7 @@ Description: Malicious dll file load to memory via printui.exe
Author: 'Yasin Gökhan TAŞKIN'
Created: 2025-01-12
Commands:
- Command: start "%SystemDrive%"\Windows\System32\printui.exe
- Command: start "%SystemDrive%"\Windows\System32\printui.exe
Description: Detects potential DLL sideloading of "printui.dll". While using legit "printui.exe" it can be abused to attach to an arbitrary process and force load DLL named "printui.dll" from the current directory of execution.
Usecase: Execute dll file
Category: Execute
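Review bot: the removed and added `Command` lines in this hunk render identically (`start "%SystemDrive%"\Windows\System32\printui.exe` both times), so the reader cannot tell what changed; if it is a whitespace or quoting fix, say so in the commit message. The command also does not reproduce the behaviour the Description claims: it launches printui.exe by its System32 path and never changes the working directory or stages a `printui.dll` beside the binary, so the "from the current directory of execution" sideload is asserted but not shown. Document the staging step the technique depends on, or restate the command so the search-order dependency is explicit. As a style point, the quotes sit inside the path token rather than around the whole path; `%SystemRoot%\System32\printui.exe` is the conventional form. Separately, "attach to an arbitrary process" in the Description is not what sideloading does: the DLL is loaded into printui.exe's own process, not injected into another one, and "While using legit" should be reworded into a full sentence.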
@ -17,7 +17,7 @@ Full_Path:
- Path: C:\Windows\System32\printui.exe
Detection:
- Sigma: https:https://github.com/SigmaHQ/sigma/blob/master/rules/windows/image_load/image_load_side_load_from_non_system_location.yml
- IOC: Load malicious DLL image
- IOC: Load malicious DLL image
Resources:
- Link: https:https://www.linkedin.com/pulse/uncovered-lolbas-yasin-g%C3%B6khan-ta%C5%9Fkin-gnpwf/?trackingId=WvE5YmopTtyh%2FuvEPcpyZQ%3D%3D
Acknowledgement:
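Review bot: the changed `IOC` line is again identical before and after in this rendering, and "Load malicious DLL image" is not an indicator anyone can hunt on. State the observable: printui.exe loading a DLL named printui.dll from a path outside `C:\Windows\System32`, which is what the linked Sigma rule name (`image_load_side_load_from_non_system_location`) describes. Both URLs in this hunk carry a doubled scheme, `https:https://github.com/...` and `https:https://www.linkedin.com/...`; drop the leading `https:` so the links resolve, since the Sigma reference is the only detection guidance the entry gives.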