1. Home
  2. Techniques
  3. Enterprise
  4. Process Injection

Process Injection

ID Name
ATAGS-T1084.001 Asynchronous Procedure Call
ATAGS-T1084.002 Dynamic-link Library Injection
ATAGS-T1084.003 Extra Window Memory Injection
ATAGS-T1084.004 ListPlanting
ATAGS-T1084.005 Portable Executable Injection
ATAGS-T1084.006 Proc Memory
ATAGS-T1084.007 Process Doppelgänging
ATAGS-T1084.008 Process Hollowing
ATAGS-T1084.009 Ptrace System Calls
ATAGS-T1084.010 Thread Execution Hijacking
ATAGS-T1084.011 Thread Local Storage
ATAGS-T1084.012 VDSO Hijacking

Threat actors may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.

ID: ATAGS-T1084
Sub-techniques:  ATAGS-T1084.001, ATAGS-T1084.002, ATAGS-T1084.003, ATAGS-T1084.004, ATAGS-T1084.005, ATAGS-T1084.006, ATAGS-T1084.007, ATAGS-T1084.008, ATAGS-T1084.009, ATAGS-T1084.010, ATAGS-T1084.011, ATAGS-T1084.012
Tactic: Privilege Escalation
Targeted Components: Software
Responsibility: Provider
Created: 18 April 2026
Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.