HeapSpray attempt by kernel32.dll

Question

Hello all,&nbsp;I am a InfoSec analyst supporting Anti-Virus to a client. Recently, I came across a HeapSpray attempt detection on the Windows 10 host for the process excel.exe. After the thorough investigation, i found the source which caused the detection was kernel32.dll. The sandbox result for the dll file was suspicious in its behavior. (Attached is a snapshot)&nbsp;I would want to know some information about the kernel32.dll file.&nbsp;1. How does kernel32.dll works when a process is loaded?2. Does kernel32.dll have privilege to write to Heap?3. Are "Writing" and "Spraying" to Heap one and the same?&nbsp;A quick help would be appreciated.&nbsp;&nbsp;Regards,Rakshith

julian_sharp · Answer

This board is for things related to Microsoft Learn and Microsoft Certifications. I would recommend reaching out on the Windows Community https://techcommunity.microsoft.com/t5/windows/ct-p/Windows10

rakshith_s1 · Answer

Hi Julian,Thank you for guiding me the right way.

Forum Discussion

HeapSpray attempt by kernel32.dll

Resources