medium
advisory
Suspicious Network Connection via Registration Utility
2 rules 4 TTPs
The native Windows tools regsvr32.exe, regsvr64.exe, RegSvcs.exe, or RegAsm.exe making a network connection may indicate an attacker bypassing allowlists or running arbitrary scripts via a signed Microsoft binary.
Windows
execution
defense evasion
regsvr32
high
threat
Regsvr32 Silent and Install Parameter DLL Loading
2 rules 2 TTPs
Detection of regsvr32.exe being used with the silent and DLL install parameters to load a DLL, a technique used by RATs like Remcos and njRAT to execute arbitrary code.
Splunk Enterprise +2
Remcos +1
lolbin
dll-loading
regsvr32
medium
advisory
IOBit Unlocker Extension DLL Registration via Regsvr32
2 rules 1 TTP
The IOBit Unlocker Extension DLL, part of a Windows utility that unlocks files or folders by terminating the processes holding them, is being registered via regsvr32.exe, which could be abused for malicious purposes.
Unlocker Extension +3
iobit
unlocker
regsvr32
dll
windows
threat-detection