T1055.002
Portable Executable Injection
Adversaries may inject portable executables (PE) into processes in order to evade process-based defenses as well as possibly elevate privileges. PE injection is a method of executing arbitrary code in the address space of a separate live process. PE injection is commonly performed by copying code (perhaps without a file on disk) into the virtual address space of the target process before invoking it via a new thread. The write can be performed with native Windows API calls such as <code>Virtua...
Windows
6 Detections
2 Sources
2 Threat Actors
BY SOURCE
splunk_escu: 4
elastic: 2
PROCEDURES (4)
Remote Thread: 2 detections
Auto-extracted: 2 detections for remote thread
C2: 2 detections
Auto-extracted: 2 detections for c2
Powershell: 1 detection
Auto-extracted: 1 detection for powershell
Powershell: 1 detection
Auto-extracted: 1 detection for powershell
THREAT ACTORS (2)
DETECTIONS (6)
Potential Process Injection via PowerShell
elastic, high
Suspicious .NET Reflection via PowerShell
elastic, medium
Windows Process Injection into Commonly Abused Processes
splunk_escu
Windows Process Injection into Notepad
splunk_escu
Windows Process Injection Remote Thread
splunk_escu
Windows Process Injection With Public Source Path
splunk_escu