Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
N/A (single event) |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
|
Detector Tags |
Injection Analytics |
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A signed process performed an unpopular injection to another process.
Attacker's Goals
Attackers may inject code into processes to evade process-based defenses, as well as possibly elevate privileges.
Investigative actions
- Check whether the injecting process is benign, and if this was a desired behavior as part of its normal execution flow.
Variations
Signed process that got injected performed an unpopular and suspicious injectionSigned process that got injected performed an unpopular and suspicious injection
Signed process that got injected performed an unpopular injection
Commonly abused signed process performed a globally unpopular injection to a Microsoft signed process
Signed process performed an unpopular injection