Summary
C:\Users\%username%\AppData\Local\Microsoft\OneDrive can be assessed which is read/write/exec by user. And then dll file which is related with onedrive.exe drop in that folder.
Fig: 1
Fig 2
Fig 3
Fig 4
Details Ref:
https://resources.infosecinstitute.com/dll-hijacking/
https://attack.mitre.org/techniques/T1038/
No comments:
Post a Comment