Process Doppelgnging is a possible substituent of the well-known Process Hollowing (RunPE), that is commonly used in malware. Both techniques give an ability to run a malicious executable under the cover of a legitimate one. Both serve the same goal of process impersonation, but they differ in implementation and make use of different API functions. This is why, most of the current antivirus solutions struggled in detecting this technique. In this post we will take a closer look on how the Process Doppleganging works and compare it with the popular RunPE.”]
Source: https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/

