Process Injection in Malware

What is Process Injection?

DLL Injection:

Analysis:

Inside the function SeDebugPriv4Access
Take a snapshot of all processes and find the first process
Find the next process and loop until the explorer.exe PID is found
Check whether the process is 32-bit or 64-bit on a 64-bit system
Open the process, allocate space in its memory, and inject memory inside the process
Create a thread inside the process and run it immediately after creation
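
A defender's view of the steps above, as an added example that is not code from the original post: a Python check that flags the open, allocate, write, create-thread chain against another process in an API-call trace. The Win32 API names, the trace format and the sample trace are assumptions constructed for illustration; the post describes the steps without naming the calls.

```python
# Ordered remote-injection stages taken from the analysis steps. The Win32 API
# names are an assumed mapping; the post describes the steps without naming them.
STAGES = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
ENUM_APIS = {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"}

# Constructed sample trace: (caller_pid, api, target_pid or None).
# Handles are assumed to be already resolved to target PIDs by the tracer.
SAMPLE_TRACE = [
    (4120, "CreateToolhelp32Snapshot", None),
    (4120, "Process32First", None),
    (4120, "Process32Next", None),
    (4120, "IsWow64Process", 1888),
    (4120, "OpenProcess", 1888),
    (5200, "OpenProcess", 1888),      # benign: only opens a handle
    (4120, "VirtualAllocEx", 1888),
    (5200, "VirtualAllocEx", 5200),   # benign: allocation in its own process
    (4120, "WriteProcessMemory", 1888),
    (4120, "CreateRemoteThread", 1888),
]

def find_injection_chains(trace):
    """Report callers that complete every stage, in order, against another process."""
    progress = {}       # (caller, target) -> index of the next expected stage
    enumerated = set()  # callers seen walking the process list
    findings = []
    for caller, api, target in trace:
        if api in ENUM_APIS:
            enumerated.add(caller)
            continue
        # Only cross-process calls that belong to the chain are relevant.
        if target is None or target == caller or api not in STAGES:
            continue
        key = (caller, target)
        idx = progress.get(key, 0)
        if api == STAGES[idx]:  # out-of-order calls do not advance the chain
            idx += 1
            if idx == len(STAGES):
                findings.append({"caller": caller, "target": target,
                                 "enumerated_first": caller in enumerated})
                idx = 0
            progress[key] = idx
    return findings

if __name__ == "__main__":
    for finding in find_injection_chains(SAMPLE_TRACE):
        print(finding)
```
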

TLDR:


I focus on Malware, RE, DFIR. This blog is used to improve my understanding of these concepts and show my progress.

Ben Lee
