T1055.003
Thread Execution Hijacking
Adversaries may inject malicious code into hijacked processes in order to evade process-based defenses as well as possibly elevate privileges. Thread Execution Hijacking is a method of executing arbitrary code in the address space of a separate live process. Thread Execution Hijacking is commonly performed by suspending an existing process then unmapping/hollowing its memory, which can then be replaced with malicious code or the path to a DLL. A handle to an existing victim process is first cr...
Windows
3 Detections
2 Sources
0 Threat Actors
BY SOURCE
sigma: 2
elastic: 1
PROCEDURES (3)
Inject: 1 detection
Auto-extracted: 1 detection for inject
Inject: 1 detection
Auto-extracted: 1 detection for inject
Remote: 1 detection
Auto-extracted: 1 detection for remote