GET /api/techniques/90/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 90,
"key": "parent-process-detection",
"unprotect_id": "U0404",
"name": "Parent Process Detection",
"description": "Parent process is a technique used by malware to evade detection by security analysts. The parent process of a given process is the process that spawned it. \r\n\r\nFor example, most user processes on a Windows system have explorer.exe as their parent process. By checking the parent process of a given process, malware can determine whether it is being monitored by security analysts. If the parent process is not explorer.exe, then the process is likely being monitored and the malware can take evasive action, such as terminating itself.",
"resources": "https://cysinfo.com/detecting-malicious-processes-psinfo-volatility-plugin/",
"creation_date": "2019-03-18T14:46:02Z",
"tags": "Process,\r\nSpawn,\r\nExplorer.exe,\r\nMonitoring,\r\nEvasive action,\r\nTermination,\r\nEncryption,",
"modification_date": "2023-10-04T10:42:17.040000Z",
"category": [
6
],
"rules": [
127
],
"attachments": [],
"featured_api": [
23,
26,
27,
28,
355,
419
],
"contributors": []
}
