A piece of malware is running on a Windows 7 machine via process injection, so it does not show up in a process list. What remote forensic technique could be used to discover the malware is running under the contents of a specific process?
Asked
Active
Viewed 3,636 times
5
-
If you have specific process then Process Monitor from Microsoft Sys Internals. – Aria Aug 09 '16 at 00:09
-
This didn't happen to be from an Army technical assessment did it? Found this question when looking for help on mine, and it's got the exact same wording lol – Noah Miller Nov 27 '16 at 19:12
1 Answers
2
I would definitely use Process Mon from Sys Internals as well.
Link: Process Monitor Download Page
I would also look into AutoRuns as well from the same site. If by chance the malware is persistent, AutoRuns will show you whether or not the process is initiated at boot - as well as other useful information. Good luck!
Tyler Gallenbeck
- 417
- 2
- 7