Elevated Access MalOps

Elevated access covers behaviors in which a process, or another element, obtains privileges beyond its normal level. This is also known as privilege escalation. Some security programs do not treat elevated access as a critical finding on its own, but it is a necessary step in most attacks: an attacker who lands as a standard user needs higher privileges to disable defenses, dump credentials, or move laterally. Elevated access typically occurs through one of a few methods: exploiting a vulnerability, injecting code into a process that already runs with higher privileges, using the runas command when a privileged account's credentials are already known, or running tools such as PowerUp, a PowerShell script that enumerates common Windows misconfigurations (for example weak service permissions) and combines several escalation methods in one place.

The ‘MalOp for Malicious Privilege Escalation’ is triggered when a process that is executing in a malicious manner is running with privileges elevated above its normal level.

Supported OS for this MalOp: Windows

Examples of behavior that can trigger this MalOp:

  • Elevating privileges of other processes

Next steps: Malicious privilege escalation

  • Investigate the process in question and review its Element Details.

  • Investigate the process hierarchy (parent and child processes) to see what other activity is happening around it.

  • Investigate the user involved in the MalOp and review their details, especially their privilege level and group membership.
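The investigation steps above can be carried out on the host as well as in the console. The script below is an added example, not Cybereason's code and not part of the original page: it walks a process's parent chain, records the owning account of each process, and reports whether each process token is elevated by calling the Windows API (OpenProcessToken / GetTokenInformation with the TokenElevation class). The function names Get-ProcessAncestry and Test-LocalAdminMember are assumptions made for this example. It assumes Windows PowerShell 5.1 or later on a Windows host; querying tokens of processes owned by other users requires running the script from an elevated session.

```powershell
# Added example: walk a process's ancestry and report owner and token elevation.
# Not Cybereason code; function names are assumptions made for this example.

# Minimal P/Invoke wrapper around the token query. Returns $true/$false, or
# $null when the process or its token cannot be opened (typically access denied).
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenQuery {
    [DllImport("kernel32.dll", SetLastError=true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError=true)]
    static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError=true)]
    static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError=true)]
    static extern bool GetTokenInformation(IntPtr token, int cls, IntPtr buf, int len, out int ret);

    const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    const uint TOKEN_QUERY = 0x0008;
    const int  TokenElevation = 20;   // TOKEN_INFORMATION_CLASS.TokenElevation

    public static bool? IsElevated(int pid) {
        IntPtr hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (hProc == IntPtr.Zero) return null;
        IntPtr hTok = IntPtr.Zero;
        try {
            if (!OpenProcessToken(hProc, TOKEN_QUERY, out hTok)) return null;
            IntPtr buf = Marshal.AllocHGlobal(4);   // TOKEN_ELEVATION is a single DWORD
            try {
                int ret;
                if (!GetTokenInformation(hTok, TokenElevation, buf, 4, out ret)) return null;
                return Marshal.ReadInt32(buf) != 0;
            } finally { Marshal.FreeHGlobal(buf); }
        } finally {
            if (hTok != IntPtr.Zero) { CloseHandle(hTok); }
            CloseHandle(hProc);
        }
    }
}
"@

function Get-ProcessAncestry {
    # Follows ParentProcessId upward from the given PID and returns one record per hop.
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [int]$MaxDepth = 10
    )
    $chain = @()
    $id = $ProcessId
    for ($depth = 0; $depth -lt $MaxDepth -and $id -gt 0; $depth++) {
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $id"
        if (-not $p) { break }

        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $user  = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { '<unknown>' }
        $elev  = [TokenQuery]::IsElevated([int]$p.ProcessId)

        $chain += [pscustomobject]@{
            Depth       = $depth
            ProcessId   = $p.ProcessId
            Name        = $p.Name
            Owner       = $user
            Elevated    = if ($null -eq $elev) { '<no access>' } else { $elev }
            CommandLine = $p.CommandLine
        }

        # PIDs are reused: a "parent" that was created after its child is not the
        # real parent, so stop rather than report a misleading chain.
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        if (-not $parent -or $parent.CreationDate -gt $p.CreationDate) { break }
        $id = $p.ParentProcessId
    }
    return $chain
}

function Test-LocalAdminMember {
    # True when the account (DOMAIN\user form) is a direct member of local Administrators.
    param([Parameter(Mandatory)][string]$Account)
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    return [bool]($members | Where-Object { $_.Name -eq $Account })
}

# Usage: investigate the current shell as if it were the flagged process.
$ancestry = Get-ProcessAncestry -ProcessId $PID
$ancestry | Format-Table Depth, ProcessId, Name, Owner, Elevated -AutoSize
foreach ($acct in ($ancestry.Owner | Sort-Object -Unique)) {
    "{0} in local Administrators: {1}" -f $acct, (Test-LocalAdminMember -Account $acct)
}
```

Read the output from the bottom of the chain upward: a child that reports Elevated = True under a parent that reports False, or a chain in which the owning account changes between hops, is the pattern this MalOp describes and is worth correlating with the Element Details in the console. Pair the result with whoami /priv in the flagged user's context to see which individual token privileges (for example SeDebugPrivilege or SeImpersonatePrivilege) that account holds.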