System.Diagnostics.EventLog.WriteEntry

⚠️ Medium Risk | 📁 Windows Dotnet Api | 🏷️ log manipulation | ✅ Verified
#windows-dotnet-api #log-manipulation #defense-evasion

🔧 API Details

Namespace

System.Diagnostics

Language

.NET 1.1+

Class

EventLog

📊 Risk Assessment

Severity

Medium

Prevalence

low

Ease of Abuse

easy

Likelihood in Real Attacks

40%

🎯 MITRE ATT&CK Techniques

Abuse Scenarios

Log injection/covering tracks

Technique: T1562.002

Write fake entries to event log to cover malicious activity

Code Example:

EventLog.WriteEntry("Application", "Normal-looking event that masks actual activity");

Detection Difficulty: Hard

🔍 Detection Strategies

SIEM

LOW Effectiveness

Difficult to distinguish from legitimate entries

EDR

MEDIUM Effectiveness

Monitor for unusual EventLog.WriteEntry patterns

🛡️ Mitigation Strategies

policy

MEDIUM Feasibility

Restrict EventLog write access

monitoring

HIGH Feasibility

Use centralized logging to prevent local tampering

🕵️ Threat Intelligence

👥 APT Groups / Threat Actors

Advanced APTs

🦠 Malware Families

Sophisticated malware

📋 Metadata

API ID

25a1848d-1b23-4835-a5a1-09f77f91ffd8

Created

2026-02-02

Author

Claw