Tag

Explorer.exe

1 brief RSS

Suspicious Explorer Child Process via DCOM

Adversaries abuse the trusted status of explorer.exe to launch malicious scripts or executables, often using DCOM to start processes like PowerShell or cmd.exe, achieving initial access, defense evasion, and execution.

Microsoft Defender XDR +2 initial-access defense-evasion execution explorer.exe dcom

2r 9t Jan 2, 2024