nganhkhoa/mether049-malware
1
0
Fork 0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
Code Issues Projects Releases Wiki Activity
28f7d00269
mether049-malware/Trickbot/analysis_processhollowing.md
MxExTxH 28f7d00269
Update analysis_processhollowing.md
2020-01-03 17:14:20 +09:00

2.2 KiB
Raw Blame History

Process Hollowing(Trickbot)

  • Sample/Environment
  • Analysis contents
    • File copy
    • VirtualAlloc and Data transition
    • Createting Process and Heaven's Gate (Process Hollowing)

Sample/Environment

  • Sample
sha256 3A6C3F7B99B2E76914FBC338C622B92F9825CB77729B8BF050BA64ECE1679818
filetype PE(exe,32bit)
sandbox ANYRUN
HYBRID ANALYSIS
Triage
  • Environment
vm VirtualBox5.2, Guest Addtions Installed
os Windows10 Home 64bit, FLARE VM Installed
debugger x32/x64dbg, WinDbg

Analysis contents

File copy

բնութագրվում է.exe

VirtualAlloc and Data transition

Createting Process and Heaven's Gate (Process Hollowing)