Silent execution

ID: silent_execution

Severity: low

Resource: Execution

Tags: evader

Description

This detector looks for potentially malicious commands or processes that are executed silently.

Rationale

The term "silent execution" refers to the ability of malicious commands or processes to run without generating any noticeable or overt signs, such as visible windows, pop-ups, or notifications.

By executing silently, the malicious code reduces the chances of the user or system administrator noticing any unusual behavior, making it harder to detect and remove.

This is a common technique, since almost every malicious piece of code wants to remain hidden.
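As an added example, not part of this page and not the detector's own implementation, the following Python script walks the AST of a source snippet and flags the source-level patterns a silent-execution heuristic of this kind might look for: standard streams sent to DEVNULL, hidden-window creation flags, and shell commands whose output is redirected to the null device. The indicator names, the sample snippets and the use of the raw CREATE_NO_WINDOW value as a trigger are assumptions made for this example; the page does not say what the detector actually matches on.

```python
"""Added example: an AST-based check for "silent execution" patterns in Python
source.  Illustrative code written for this page, not the detector's own logic;
the indicators below are assumptions about what such a heuristic might flag."""
import ast
from dataclasses import dataclass

# Assumed indicators (not taken from the detector).
SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}
SILENT_NAMES = {"DEVNULL", "CREATE_NO_WINDOW", "STARTF_USESHOWWINDOW", "SW_HIDE"}
CREATE_NO_WINDOW_VALUE = 0x08000000  # Windows creation flag passed as a raw int
SHELL_DISCARD_MARKERS = ("/dev/null", ">nul", "> nul")


@dataclass
class Finding:
    line: int        # source line of the suspicious call
    call: str        # dotted name of the call, e.g. "subprocess.run"
    reasons: list    # human-readable reasons the call was flagged


def _dotted_name(node):
    """Return 'pkg.attr.func' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _references_silent_const(node):
    """True if the expression mentions a hiding constant by name or raw value.
    Blind spot (deliberate, to keep the example short): values stored in a
    variable first, e.g. `flags = CREATE_NO_WINDOW`, are not resolved."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name) and sub.id in SILENT_NAMES:
            return True
        if isinstance(sub, ast.Attribute) and sub.attr in SILENT_NAMES:
            return True
        if isinstance(sub, ast.Constant) and sub.value == CREATE_NO_WINDOW_VALUE:
            return True
    return False


def scan_source(source):
    """Parse Python source text and return one Finding per suspicious call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func) or ""
        short = name.rsplit(".", 1)[-1]
        reasons = []
        if short in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if kw.arg in ("stdout", "stderr") and _references_silent_const(kw.value):
                    reasons.append(f"{kw.arg} discarded via DEVNULL")
                elif kw.arg in ("creationflags", "startupinfo") and _references_silent_const(kw.value):
                    reasons.append(f"hidden-window flag in {kw.arg}")
        elif name in ("os.system", "os.popen"):
            for arg in node.args:
                if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                    if any(m in arg.value.lower() for m in SHELL_DISCARD_MARKERS):
                        reasons.append("shell output redirected to the null device")
        if reasons:
            findings.append(Finding(node.lineno, name, reasons))
    return findings


# Constructed sample snippets (hypothetical 'helper' binary, not real packages).
SAMPLE_SNIPPETS = {
    "devnull": (
        "import subprocess\n"
        "subprocess.run(['helper'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)\n"
    ),
    "no_window": (
        "from subprocess import Popen, CREATE_NO_WINDOW\n"
        "Popen(['helper.exe'], creationflags=CREATE_NO_WINDOW)\n"
    ),
    "shell_redirect": (
        "import os\n"
        "os.system('helper --sync > /dev/null 2>&1')\n"
    ),
    "benign": (
        "import subprocess\n"
        "out = subprocess.run(['helper', '--version'], capture_output=True, text=True)\n"
        "print(out.stdout)\n"
    ),
}


def scan_samples(snippets=SAMPLE_SNIPPETS):
    """Return {snippet name: list of Finding} for each sample."""
    return {name: scan_source(src) for name, src in snippets.items()}


if __name__ == "__main__":
    for name, found in scan_samples().items():
        status = "FLAGGED" if found else "clean"
        print(f"{name:15s} {status}")
        for f in found:
            print(f"    line {f.line}: {f.call} -> {', '.join(f.reasons)}")
```

The scan is purely static (the snippets are parsed, never executed), so it is safe to run over untrusted package source. Capturing output with `capture_output=True` is not flagged, which is the distinction the check relies on: a program that reads a child's output is not hiding it, whereas one that discards it or suppresses the window has no legitimate reason to see the result.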

These are some popular campaigns using this technique:

  • BlackTech is an alleged cyber espionage group believed to have originated in China, with a primary focus on infiltrating organizations across East Asia, specifically in Taiwan, Japan, Hong Kong, and the United States since at least 2013. Employing a mix of customized malware, dual-use tools, and living off the land strategies, BlackTech has successfully compromised networks of companies in various sectors such as media, construction, engineering, electronics, and finance.

References