"Some experiments with Process Hollowing" by Frank Block
Process Hollowing is a technique used by various malware families (such as FormBook, TrickBot and Agent Tesla) to hide their malicious code within a benign-appearing process. The typical workflow for setting up such a hollowed process is as follows: Create a new process (the victim) from a benign executable, in a suspended state. Unmap the executabl…
#Breaking, #incidentanalysis, #injection, #malware, #memoryforensics
https://insinuator.net/2022/09/some-experiments-with-process-hollowing/