CreateProcessW
Read documentation
Through official Microsoft Developer Network (MSDN).
Featured in Techniques
| Technique Name | Technique ID's | Categories | Snippet(s) | Rules(s) |
|---|---|---|---|---|
| Process Hollowing, RunPE | U1225 E1055.012 |
|
||
| APC injection | U1221 E1055.004 |
|
||
| File Melt | U1007 |
|
||
| ProcEnvInjection - Remote code injection by abusing process environment strings | U1235 |
|
||
| NLS Code Injection Through Registry | U1237 |
|
Matching Samples 10 most recent
| Sample Name | Matching Techniques | First Seen | Last Seen |
|---|---|---|---|
| rlm1611_http.dll | 6 | 2025-11-22 | 3 weeks, 6 days ago |
| ngen.exe | 7 | 2026-03-20 | 4 weeks, 2 days ago |
| passper-for-rar_setup-com_passper.exe | 8 | 2026-02-18 | 2 months ago |
| ProtonVPN.Launcher.exe | 6 | 2026-02-18 | 2 months ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 2 months, 2 weeks ago |
| x64_Acrobat.exe | 9 | 2026-01-30 | 2 months, 2 weeks ago |
| TradingBot.exe | 4 | 2026-01-05 | 3 months, 2 weeks ago |
| MBSetup (3).exe | 6 | 2025-10-18 | 4 months ago |
| main.exe | 4 | 2025-12-14 | 4 months ago |
| cmd.exe | 7 | 2025-12-10 | 4 months, 1 week ago |