Cybersecurity researchers have disclosed a new executable image tampering attack dubbed “Process Ghosting” The attack could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system. It takes advantage of Windows’ attempts to prevent mapped executables from being modified or deleted only come into effect after the binary is mapped into an image section. Microsoft has since released an updated version of its Sysinternals Suite earlier this January with an improved System Monitor utility to help detect Process Herpaderping attacks.
Source: https://thehackernews.com/2021/06/researchers-uncover-process-ghosting.html