The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to ensure the effectiveness of its “EDR killer” tool, dubbed AvNeutralizer (also known as AuKill) by researchers. By leveraging the built-in Windows TTD Monitor Driver (ProcLaunchMon.sys) in conjunction with updated, Windows-trusted versions of the Process Explorer driver (procexp), the tool is able to effectively DoS some specific implementations of protected processes.
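Because both drivers named above are legitimately signed, signature-based blocking does not help; the useful telemetry is the driver-load event itself, viewed in context. The script below is an added detection sketch, not code from the article or from Help Net Security. It assumes a constructed, flattened key=value rendering of Sysmon Event ID 6 (DriverLoad) records (real exports are XML/EVTX and need their own parser), matches the Process Explorer driver by file-name prefix since the article only gives "procexp" (the versioned file name in the sample is constructed), and rates a host "high" only when both drivers load within a short window, mirroring the "in conjunction" use described; the 10-minute window is an assumption for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed, simplified rendering of Sysmon Event ID 6 (DriverLoad) records.
# Real Sysmon output is XML/EVTX; this flat key=value form is an assumption
# for the example only. Backslashes are doubled inside the Python string.
SAMPLE_EVENTS = """\
2024-07-18T09:14:02 host=WS-ALPHA EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\ProcLaunchMon.sys SignatureStatus=Valid
2024-07-18T09:14:05 host=WS-ALPHA EventID=6 ImageLoaded=C:\\Users\\Public\\procexp152.sys SignatureStatus=Valid
2024-07-18T09:20:11 host=WS-BRAVO EventID=6 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys SignatureStatus=Valid
2024-07-18T11:02:40 host=WS-CHARLIE EventID=6 ImageLoaded=C:\\Tools\\procexp152.sys SignatureStatus=Valid
2024-07-18T11:03:00 host=WS-CHARLIE EventID=1 Image=C:\\Windows\\System32\\svchost.exe
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text):
    """Turn the flat records above into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        ev["ts"] = datetime.fromisoformat(m.group("ts"))
        events.append(ev)
    return events


def classify_driver(image_path):
    """Return a label for the two drivers the article names, else None.

    Matching on the file name alone is an assumption: the article only gives
    'ProcLaunchMon.sys' and 'procexp', so the Process Explorer driver is
    matched by prefix to cover versioned file names.
    """
    name = image_path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name == "proclaunchmon.sys":
        return "ttd_monitor"
    if name.startswith("procexp") and name.endswith(".sys"):
        return "procexp"
    return None


def find_driver_loads(events, window=timedelta(minutes=10)):
    """Group watched DriverLoad events per host and rate them.

    Both drivers carry valid signatures, so a single load is only a
    'medium' triage item. The pair loading on one host inside `window`
    mirrors the 'in conjunction' use the article describes and is rated
    'high'. The window length is an assumption for the example.
    """
    per_host = {}
    for ev in events:
        if ev.get("EventID") != "6":
            continue
        label = classify_driver(ev.get("ImageLoaded", ""))
        if label is None:
            continue
        per_host.setdefault(ev["host"], []).append((ev["ts"], label, ev["ImageLoaded"]))

    findings = []
    for host, loads in sorted(per_host.items()):
        loads.sort()
        severity = "medium"
        # Escalate when a TTD monitor load and a procexp load fall within the window.
        for i, (t1, l1, _) in enumerate(loads):
            for t2, l2, _ in loads[i + 1:]:
                if {l1, l2} == {"ttd_monitor", "procexp"} and t2 - t1 <= window:
                    severity = "high"
        findings.append({
            "host": host,
            "severity": severity,
            "drivers": [path for _, _, path in loads],
        })
    return findings


if __name__ == "__main__":
    for f in find_driver_loads(parse_events(SAMPLE_EVENTS)):
        print(f"{f['severity']:6} {f['host']:10} {', '.join(f['drivers'])}")
```

On the constructed sample, WS-ALPHA is rated high (both drivers within three seconds), WS-CHARLIE medium (a lone Process Explorer driver load, which an administrator running the tool would also produce), and WS-BRAVO is not reported. Treat the medium findings as triage items to check against the loading process and the driver's on-disk location rather than as alerts in their own right.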
Source: Help Net Security