Update analysis_processhollowing.md

2024-06-10 21:32:07 +07:00 · 2020-01-03 17:14:20 +09:00 · 2020-01-03 17:14:20 +09:00 · 28f7d00269
commit 28f7d00269
parent 29eb38a973
1 changed files with 18 additions and 0 deletions
--- a/Trickbot/analysis_processhollowing.md
+++ b/Trickbot/analysis_processhollowing.md
@ -22,6 +22,24 @@
 ## Analysis contents
 ### File copy
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/shellexecute_2_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/filecopy_1_940.png)
 ![]()
 բնութագրվում է.exe
 ### VirtualAlloc and Data transition
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/virtualalloc_3_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/datasection_4_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy_5_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/datacopy2_6_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode_7_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/decode2_8_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/copytext_9_940.png)
 ### Createting Process and Heaven's Gate (Process Hollowing)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/svchost_10_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/heavensgate_11_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/ntdll_12_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccalc_13_940.png)
 ![](https://github.com/mether049/malware/blob/master/Trickbot/img/crccmp_14_940.png)
 ![]()
 ![]()