nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity

Create analysis_processhollowing.md

Browse Source
This commit is contained in:
MxExTxH 2020-01-03 17:05:11 +09:00 committed by GitHub
parent ab62cf2b59
commit 80d964e967
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
Trickbot/analysis_processhollowing.md Normal file
View File

@ -0,0 +1,27 @@
# Process Hollowing(Trickbot)
- Sample/Environment
- Analysis contents
- File copy
- VirtualAlloc and Data transition
- Createting Process and Heaven's Gate (Process Hollowing)
## Sample/Environment
- Sample
|sha256|[3A6C3F7B99B2E76914FBC338C622B92F9825CB77729B8BF050BA64ECE1679818](https://www.virustotal.com/gui/file/3a6c3f7b99b2e76914fbc338c622b92f9825cb77729b8bf050ba64ece1679818/detection)|
|:-|:-|
|filetype|PE(exe,32bit)|
|sandbox|[ANYRUN](https://app.any.run/tasks/9f302b49-4585-4905-b466-9459ff88c558/)<br>[HYBRID ANALYSIS](https://www.hybrid-analysis.com/sample/3a6c3f7b99b2e76914fbc338c622b92f9825cb77729b8bf050ba64ece1679818?environmentId=100)<br>[Triage](https://tria.ge/reports/191018-jnffne1l7x/task2)<br>|
- Environment
|vm|VirtualBox5.2, Guest Addtions Installed|
|:-|:-|
|os|Windows10 Home 64bit, FLARE VM Installed|
|debugger|x32/x64dbg, WinDbg|
## Analysis contents
### File copy
բնութագրվում է.exe
### VirtualAlloc and Data transition
### Createting Process and Heaven's Gate (Process Hollowing)