T1055.004
Asynchronous Procedure Call
Adversaries may inject malicious code into processes via the asynchronous procedure call (APC) queue in order to evade process-based defenses as well as possibly elevate privileges. APC injection is a method of executing arbitrary code in the address space of a separate live process. APC injection is commonly performed by attaching malicious code to the APC queue (Citation: Microsoft APC) of a process's thread. Queued APC functions are executed when the thread enters an alertable state.(Citati...
Platform: Windows
Detections: 1
Sources: 1 (elastic)
Threat Actors: 1
Procedures (1): Process Creation Monitoring (1 detection; auto-extracted: 1 detection for process creation monitoring)