1
0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-tech_ref_and_memo.md

This commit is contained in:
mether049 2020-07-12 23:37:01 +09:00 committed by GitHub
parent 02da2c173a
commit 0c68ba4cd2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -10,7 +10,7 @@
- 正規プロセス等のアドレス空間にコードを注入することで検知や分析を妨害するTechnique
- 利用される正規プロセスsvchost.exe,explorer.exe,regsvr32.exe,etc.
- Heaven's Gateと組み合わせて利用される場合あり
-
**ref:**<br>
- 各種Injection/Hollowingで利用されるAPIの一覧<br>
[HUNTING PROCESS INJECTION BY WINDOWSAPI CALLS (2019-11)](https://malwareanalysis.co/wp-content/uploads/2019/11/Hunting-Process-Injection-by-Windows-API-Calls.pdf)<br>
@ -465,20 +465,20 @@ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
```
# Deleting, Disabling, Exiting, Killing, Terminating
## Delete Volume Shadow
### Delete Volume Shadow
- ランサムウェアはバックアップからの復元を防ぐためにvolume shadowを削除することが多い
```
vssadmin Delete Shadows /All /Quiet
```
## Delete Service
### Delete Service
```
sc delete
```
## Kill Task
### Kill Task
```
taskkill -f -im
```
## Terminate Process
### Terminate Process
- TerminateProcess APIの使用
# maldoc