Heapspray attempt by kernel32.dll

Hello all,

I am an InfoSec analyst supporting Anti-Virus for a client. Recently, I came across a HeapSpray attempt detection on a Windows 10 host for the process excel.exe. After a thorough investigation, I found the source which caused the detection was kernel32.dll. The sandbox result for the dll file was suspicious in its behavior.

I would want to know some information about the kernel32.dll file.

1. How does kernel32.dll work when a process is loaded?

2. Does kernel32.dll have privilege to write to Heap?

3. Are "Writing" and "Spraying" to Heap one and the same?

A quick help would be appreciated.

Regards,

Rakshith 
