Intel Name: Potential Pikabot Hollowing Activity
Date of Scan: December 31, 2024
Impact: Medium
Summary: "Potential Pikabot Hollowing Activity" is a detection for rundll32.exe being used to invoke legitimate Windows binaries as part of a malware attack. Pikabot uses this technique for process hollowing: it injects malicious code into a legitimate Windows process so that its payload runs in the context of a trusted system process, which makes it harder to detect. The detection looks for unusual or suspicious use of rundll32.exe to launch such processes, which may indicate an active infection or exploitation attempt.