Function Name
NtDuplicateObject
Description
NtDuplicateObject is used to create a handle that is a duplicate of the specified source handle. Malware can use this function to obtain the necessary access rights to a process via duplicating its handle, and subsequently kill a process or inject into it.
Library
Ntdll.dll
Associated Attacks
Injection
Created: 2021-10-30
Last Update: 2021-10-30
Credits: mr.d0x