CreateProcessW
Read documentation
Through official Microsoft Developer Network (MSDN).
Featured in Techniques
| Technique Name | Technique ID's | Snippet(s) | Rules(s) | OS |
|---|---|---|---|---|
| Process Hollowing, RunPE | U1225 E1055.012 | |||
| APC injection | U1221 E1055.004 | |||
| File Melt | U1007 | |||
| ProcEnvInjection - Remote code injection by abusing process environment strings | U1235 | |||
| NLS Code Injection Through Registry | U1237 |
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| 131da83b521f610819141d5c7403...abb22ef504a7593955a65f07.exe | 9 | 2025-06-12 | 1 month, 1 week ago |
| tel.exe | 13 | 2025-06-01 | 1 month, 3 weeks ago |
| CursorFreeVIP_1.11.01_windows.exe | 4 | 2025-05-19 | 2 months ago |
| hmpalert.exe | 8 | 2025-04-20 | 2 months, 3 weeks ago |
| firefox.exe | 3 | 2025-04-26 | 3 months ago |
| DarkComet.exe | 8 | 2025-04-25 | 3 months ago |
| SetupEngine.exe | 8 | 2025-04-23 | 3 months ago |
| Patch.exe | 4 | 2025-04-21 | 3 months ago |
| NLiveConnectorSetup.exe | 4 | 2025-04-05 | 3 months, 2 weeks ago |
| get_hwid.exe | 4 | 2025-03-15 | 4 months, 1 week ago |