Tag
high
advisory
Malware Abusing Process Explorer Driver for Privilege Escalation
1 rule 4 TTPsMalware and hack tools are observed creating Sysinternals Process Explorer drivers via non-Sysinternals processes to elevate privileges and bypass security controls on Windows systems.
Process Explorer
driver-abuse
privilege-escalation
defense-evasion
windows
1r
4t
medium
advisory
Suspicious PROCEXP152.sys Driver Creation in Temporary Folders
1 ruleThis brief details the suspicious creation of the PROCEXP152.sys driver file, associated with Sysinternals Process Explorer, in temporary application data folders, a technique leveraged by tools like KDU and Ghost-In-The-Logs for defense evasion and bypassing Windows Event Logging on affected Windows systems.
defense-evasion
driver-abuse
windows
endpoint
1r