Process injection via CreateRemoteThread

/static/assets/windows-logo.svg
This TTP will launch a notepad process and then inject shellcode into it. When the shellcode is executed, it will launch a new calc.exe process and crash notepad.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Process injection via CreateRemoteThread

2022-09-27

/static/assets/windows-logo.svg
Injects shellcode into a specified PID using CreateRemoteThread.