Ten process injection techniques: A technical survey of common and trending process injection techniques
Tags
cmtmf-attack-pattern: Code Injection Process Injection
attack-pattern: Appinit Dlls - T1546.010 Code Injection - T1540 Extra Window Memory Injection - T1055.011 Hooking - T1617 Malware - T1587.001 Malware - T1588.001 Portable Executable Injection - T1055.002 Process Hollowing - T1055.012 Process Injection - T1631 Python - T1059.006 Software - T1592.002 Thread Execution Hijacking - T1055.003 Appinit Dlls - T1103 Extra Window Memory Injection - T1181 Hooking - T1179 Process Hollowing - T1093 Process Injection - T1055 Hooking
Show in Graph
Common Information
Type Value
UUID ccd8e986-fb34-4bba-828b-79f29ea3a689
Fingerprint 2f2c1d13adf80609
Analysis status DONE
Considered CTI value 2
Text language
Published July 18, 2017, 4 p.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Ten process injection techniques: A technical survey of common and trending process injection techniques
Title Ten process injection techniques: A technical survey of common and trending process injection techniques
Detected Hints/Tags/Attributes 65/2/21
Source URLs
Redirection Url
Details Source https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
Details Source https://www.elastic.co/de/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
Details Source https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
URL Provider
Details Provider Source level domain
Details elastic.co www.elastic.co
Details endgame.com www.endgame.com
Attributes
Details Type #Events CTI Value
Details Domain 47 
elastic.co
Details File 1122 
svchost.exe
Details File 533 
ntdll.dll
Details File 291 
user32.dll
Details File 1260 
explorer.exe
Details File 13 
sdbinst.exe
Details File 3 
vc32loader.dll
Details sha256 2 
07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365
Details sha256 2 
ce8d7590182db2e51372a4a04d6a0927a65b2640739f9ec01cfd6c143b1110da
Details sha256 2 
eae72d803bf67df22526f50fc7ab84d838efb2865c27aef1a61592b1c520d144
Details sha256 2 
787cbc8a6d1bc58ea169e51e1ad029a637f22560660cc129ab8a099a745bd50e
Details sha256 2 
5d6ddb8458ee5ab99f3e7d9a21490ff4e5bc9808e18b9e20b6dc2c5b27927ba1
Details sha256 2 
9f10ec2786a10971eddc919a5e87a927c652e1655ddbbae72d376856d30fa27c
Details sha256 2 
f0089056fc6a314713077273c5910f878813fa750f801dfca4ae7e9d7578a148
Details sha256 2 
f74399cc0be275376dad23151e3d0c2e2a1c966e6db6a695a05ec1a30551c0ad
Details sha256 2 
5e56a3c4d4c304ee6278df0b32afb62bd0dd01e2a9894ad007f4cc5f873ab5cf
Details sha256 2 
6d5048baf2c3bba85adc9ac5ffd96b21c9a27d76003c4aa657157978d7437a20
Details sha256 2 
f827c92fbe832db3f09f47fe0dcaafd89b40c7064ab90833a1f418f2d1e75e8e
Details Windows Registry Key 49 
HKLM\Software\Microsoft\Windows
Details Windows Registry Key 3 
HKLM\Software\Wow6432Node\Microsoft\Windows
Details Windows Registry Key 41 
HKLM\System\CurrentControlSet\Control\Session