Malware | Apr 8, 2026
Related archive contains legit signed WinWord.exe from Microsoft to load a malicious "AppvIsvSubs...
Legitimate signed WinWord.exe used to load malicious AppvIsvSubsystems64.dll
Summary
A malware campaign is leveraging legitimate, Microsoft-signed WinWord.exe executables to sideload a malicious AppvIsvSubsystems64.dll file. This DLL hijacking technique abuses the trust placed in Microsoft-signed binaries to evade detection and execute arbitrary code. The attack demonstrates a sophisticated supply-chain-adjacent technique that exploits DLL search order and code signing trust.
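A detection sketch for the sideload described above, added here as an example and not taken from the original report. It assumes image-load telemetry with Sysmon Event ID 7 field names (`Image`, `ImageLoaded`, `Signed`, `Signature`, `SignatureStatus`); the trusted install roots and the sample events are constructed assumptions to tune for your environment.

```python
import ntpath

# Assumption: directories where Office normally installs; adjust per estate.
TRUSTED_ROOTS = (
    r"c:\program files\microsoft office",
    r"c:\program files (x86)\microsoft office",
    r"c:\program files\common files\microsoft shared\clicktorun",
)
HOST_EXE, TARGET_DLL = "winword.exe", "appvisvsubsystems64.dll"

def _norm(path):
    # Collapse ".." segments and case so path tricks do not bypass the check.
    return ntpath.normpath(path).lower()

def _trusted(path):
    return any(_norm(path).startswith(root + "\\") for root in TRUSTED_ROOTS)

def sideload_findings(event):
    """Return reasons an image-load event looks like the sideload, else []."""
    image, loaded = _norm(event["Image"]), _norm(event["ImageLoaded"])
    if ntpath.basename(image) != HOST_EXE or ntpath.basename(loaded) != TARGET_DLL:
        return []
    reasons = []
    if not _trusted(image):
        reasons.append("WinWord.exe running outside Office install path")
    if not _trusted(loaded):
        reasons.append("DLL loaded from outside Office install path")
    if event.get("Signed") != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("DLL not validly signed")
    elif "microsoft" not in event.get("Signature", "").lower():
        reasons.append("DLL signer is not Microsoft")
    return reasons

# Constructed sample events (not from the campaign).
EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ImageLoaded": r"C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll",
     "Signed": "true", "Signature": "Microsoft Corporation", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\alice\Downloads\invoice\WinWord.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\invoice\AppvIsvSubsystems64.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["ImageLoaded"], "->", sideload_findings(ev) or "ok")
```

The host binary's own signature is deliberately not used as a trust signal, since the technique relies on WinWord.exe being validly signed; location and the DLL's signature carry the detection.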
Indicators of Compromise
- malware — AppvIsvSubsystems64.dll
Entities
- WinWord.exe (product)
- Microsoft (vendor)
- DLL sideloading (technology)