The Evolution of Protected Processes Part 2 - CrowdStrike
Tags
cmtmf-attack-pattern: Code Injection
attack-pattern: Data Code Injection - T1540 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID 9da48000-71c8-4985-aeea-d2245e0fcb9a
Fingerprint 1614c857b06460c7
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 11, 2013, 12:36 p.m.
Added to db Jan. 18, 2023, 10:59 p.m.
Last updated Nov. 16, 2024, 12:12 p.m.
Headline The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations, Unkillable Processes and Protected Services
Title The Evolution of Protected Processes Part 2 - CrowdStrike
Detected Hints/Tags/Attributes 37/2/9
Source URLs
Redirection Url
Details Source https://www.crowdstrike.com/blog/evolution-protected-processes-part-2-exploitjailbreak-mitigations-unkillable-processes-and/
URL Provider
Details Provider Source level domain
Details crowdstrike.com www.crowdstrike.com
Attributes
Details Type #Events CTI Value
Details File 21 
sppsvc.exe
Details File 16 
audiodg.exe
Details File 165 
csrss.exe
Details File 115 
win32k.sys
Details File 1 
similarwin32k.sys
Details File 87 
nissrv.exe
Details File 198 
msmpeng.exe
Details File 118 
sc.exe
Details File 119 
smss.exe