Privilege Escalation
T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread
T1055.002 inject_write_pe: Writes PE file to another process's memory
Defense Evasion
T1055 injection_thread: Code injection to a remote process using CreateRemoteThread or NtQueueApcThread
T1055.002 inject_write_pe: Writes PE file to another process's memory
T1027.002 packer_entropy: Probably contains compressed or encrypted data
Discovery
T1057 process_interest: Enumerates processes
Other
yara_rules: Static rules
suspicious_process: Spawns a suspicious process
no_graphical_activity: No graphic activity