...
Relevant documentation
Mitre T1543 - Creating or modifying a system process can disguise malicious code as a normal, trusted system process from malware detection.
Mitre T1068 - Performing privilege escalation via software vulnerabilities can allow malicious code to escape permission restrictions or virtualized environments.
Mitre T1055-001 - DLL injection can be used to load malicious code into a process by simply instructing the target process to load a new DLL or by replacing a legitimate DLL before it is loaded.
Mitre T1059-001 - PowerShell is often used by Windows malware to perform malware setup, such as replacing legitimate files with malicious ones.