At Cyber Mongol, we are in the business of forecasting and articulating trends in emerging adversary behaviors. One important aspect of behavior forecasting is ground-truthing some of the emerging signals articulated by our CTI engine. Over the last year, it has become increasingly difficult to execute and evade on a Windows 10 endpoint with off-the-shelf tooling. Being able to pull off sophisticated operator tactics with little to no modification to the underlying tradecraft is important to our research because it signals the likelihood that an enterprise may encounter this vector. An effective technique that skirts modern defenses and achieves execution with nothing more than the knowledge of which tool systems to string together is quite advantageous for adversaries. Unsophisticated adversaries will use this knowledge for the obvious reason: it reduces the skill barrier of an otherwise advanced technique that may not be accessible to them. Sophisticated adversaries may also use the same knowledge to mimic unsophisticated adversaries and make attribution more difficult. In this research, we string together tools that have been signaled by our CTI engine to get a Covenant C2 grunt (implant) to execute on a Win10E 1909 endpoint and bypass standard defenses in the enterprise stack.
Technique: Process Hollowing (T1093)
Process hollowing occurs when a process is created in a suspended state, then its memory is unmapped and replaced with malicious code. Similar to process injection, execution of the malicious code is masked under a legitimate process and may evade defenses and detection analysis. Examples of advanced adversaries and tool systems that use process hollowing are Gorgon Group, Cobalt Strike and Smoke Loader.
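As an added example (not part of the original post), here is a defender-side check that follows from the description above: because hollowing swaps the mapped image for different code, the PE header visible in process memory stops matching the header of the file on disk. The two headers below are constructed inline, and the builder, parser and field names are this example's own assumptions rather than any tool's API.

```python
import struct

# Header fields the check compares. ImageBase is deliberately left out: the loader
# may rewrite it in memory when ASLR relocates a perfectly legitimate image.
FIELDS = ("machine", "num_sections", "timestamp", "entry_point", "size_of_image")


def build_pe_header(timestamp, entry_point, image_base, size_of_image, num_sections=3):
    """Constructed minimal PE32+ header: DOS header, PE signature, COFF and optional header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: NT headers start at offset 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, num_sections, timestamp, 0, 0, 0xF0, 0x22)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIII", 0x20B, 14, 0, 0, 0, 0, entry_point, 0x1000,
                      image_base, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, size_of_image, 0x400, 0)
    return bytes(dos) + b"PE\0\0" + coff + opt


def parse_pe_header(buf):
    """Pull the compared fields out of a PE header read either from disk or from process memory."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, num_sections, timestamp = struct.unpack_from("<HHI", buf, coff)
    opt = coff + 20  # the COFF file header is 20 bytes; the optional header follows it
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_point = struct.unpack_from("<I", buf, opt + 16)[0]   # AddressOfEntryPoint (both formats)
    size_of_image = struct.unpack_from("<I", buf, opt + 56)[0]  # SizeOfImage (both formats)
    return {"machine": machine, "num_sections": num_sections, "timestamp": timestamp,
            "entry_point": entry_point, "size_of_image": size_of_image}


def hollowing_indicators(disk_header, memory_header):
    """Fields that differ between the on-disk image and the mapped one. A non-empty list
    means the process's memory no longer matches the file it claims to be running."""
    disk, mem = parse_pe_header(disk_header), parse_pe_header(memory_header)
    return [(f, disk[f], mem[f]) for f in FIELDS if disk[f] != mem[f]]


# Constructed sample: the legitimate binary's header as read from disk, and the header
# found in memory after the original image was replaced by a different PE.
DISK_HEADER = build_pe_header(0x5E3A1B2C, 0x14E0, 0x140000000, 0x1A000)
MEMORY_HEADER = build_pe_header(0x5F0C7D11, 0x3200, 0x140000000, 0x2C000, num_sections=4)

if __name__ == "__main__":
    for field, on_disk, in_memory in hollowing_indicators(DISK_HEADER, MEMORY_HEADER):
        print(f"{field}: disk=0x{on_disk:x} memory=0x{in_memory:x}")
```

In practice the two buffers come from the file on disk and from a memory-forensics read of the suspect process. A hollowed image whose in-memory headers were wiped or copied from the host binary will not be caught by this comparison alone, so pair it with checks on the image region's VAD type and protection and on the parent process.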
Stringing It All Together
As stated above, the whole point of this exercise is to get a Covenant Grunt executed on a Windows 10 endpoint without tripping defenses. It stands to reason that the first step is to set up Covenant C2 infrastructure to suit your needs.