T1055.011
Extra Window Memory Injection
Adversaries may inject malicious code into a process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process. Before creating a window, graphical Windows-based processes must prescribe to or register a window class, which stipulates appearance and behavior (via window procedures, which are functions that handle input/output of data).(Citati...
Windows
Detections: 1
Sources: 1
Threat Actors: 0
BY SOURCE
sigma: 1
PROCEDURES (1)
Process Access Monitoring: 1 detection
Auto-extracted: 1 detection for process access monitoring