1
0
mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00
mether049-malware/Trickbot/analysis_processhollowing.md
2020-01-03 17:05:11 +09:00

1.0 KiB

Process Hollowing(Trickbot)

  • Sample/Environment
  • Analysis contents
    • File copy
    • VirtualAlloc and Data transition
    • Createting Process and Heaven's Gate (Process Hollowing)

Sample/Environment

  • Sample
sha256 3A6C3F7B99B2E76914FBC338C622B92F9825CB77729B8BF050BA64ECE1679818
filetype PE(exe,32bit)
sandbox ANYRUN
HYBRID ANALYSIS
Triage
  • Environment
vm VirtualBox5.2, Guest Addtions Installed
os Windows10 Home 64bit, FLARE VM Installed
debugger x32/x64dbg, WinDbg

Analysis contents

File copy

բնութագրվում է.exe

VirtualAlloc and Data transition

Createting Process and Heaven's Gate (Process Hollowing)