Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
Injection Analytics |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A signed binary, which can be abused to run code, injected code to another process.
Attacker's Goals
Gain code execution on the host and evade security controls.
Investigative actions
Check whether the injecting process is benign, and if this was a desired behavior as part of its normal execution flow.
Variations
LOLBAS executable injects into another process using process hollowingScripting engine injects into another process
LOLBAS executable that's used to host DLLs injects into another process
LOLBAS executable that's used to host DLLs injects into another process
Rare LOLBAS executable injects into another process