


Loads the RPC (Remote Procedure Call) module DLL
An adversary may rely upon a user opening a malicious file in order to gain execution.
Adversaries may interact with the native OS application programming interface (API) to execute behaviors.
Calls an API typically used to retrieve function address
Calls an API typically used to find a resource in a module
Calls an API typically used to load a resource in memory
Contains reference to Windows native API (API string)
Contains ability to create files (API string)
Contains ability to modify process thread functionality (API string)
Contains ability to load modules (API string)
Contains ability to dynamically load libraries
Contains ability to create a new process (API string)
Contains ability to retrieve the fully qualified path of module (API string)
Contains ability to execute an application (API string)
Adversaries may execute malicious payloads via loading shared modules.
Calls an API typically used to load libraries
