Image File Execution Options Injection. Image file execution options is a windows registry key which enables developers to attach a debugger to an application and to enable globalflag for application debugging this behavior of windows opens the door for persistence since an arbitrary executable can be used as a debugger of a specific process or as a monitorprocess in both scenarios code execution will achieved and the. It uses this to.
Image debuggers for accessibility features w bits jobs. Image file execution options injection kernel modules and extensions launch agent launch daemon launchctl lc load dylib addition local job scheduling login item logon scripts lsass driver modify existing service netsh helper dll new service office application startup path interception plist modification. Image file execution options injection persistence technique imagefileexecutionoptions ps1.
Temp veles has modified and added entries within hkey local machine software microsoft windows nt currentversion image file execution options to maintain persistence.
Injection and persistence via registry modification e g. Image debuggers for accessibility features w bits jobs. It s image file execution options or ifeo injection persistence technique with id t1183. Appinit dlls appcertdlls ifeo appinit dll appcertdlls and ifeo image file execution options are all registry keys that malware uses for both injection and persistence.