(CAPA) CAPA_Hook_Injection1

rule:
  meta:
    name: set application hook
    namespace: host-interaction/gui
    authors:
      - michael.hunhoff@mandiant.com
    scope: function
    examples:
      - Practical Malware Analysis Lab 12-03.exe_:0x401000
  features:
    - and:
      - or:
        - api: user32.SetWindowsHookEx
        - api: user32.UnhookWindowsHookEx

Associated Techniques


Created

December 6, 2022

Last Revised

December 6, 2022