Home/ MITRE Matrix/ Defense Evasion/ T1055.012

T1055.012Process Hollowing

T1055.012 — Process Hollowing is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 3 detection use cases covering it and 2 threat-intel articles citing it.

Defense EvasionPrivilege Escalation

View on the matrix → Filter Detection Library MITRE official spec ↗

3Use cases

2Articles

0Sub-techniques

2Tactics

↑ Parent technique: T1055 · Process Injection

Use cases covering this technique (3)

PowerShell PInvoke Process Injection API Chain ESCU actions · alerting P [LLM] OneDrive.Sync.Service.exe spawned/injected outside legitimate OneDrive chain (SPECTRALVIPER injection target) Bespoke install · hunting DSPDDCS [LLM] whisper.dll loaded / svchost.exe spawned outside services.exe (GopherWhisper JabGopher injection) Bespoke install · alerting DSΣPDDCS

Articles citing this technique (2)

crit OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack art-53

crit GopherWhisper: A burrow full of malware art-362