Malware Technique: DLL Injection | Ricky Severino
flowchart
malproc((malicious process))
malproc --> GetCurrentProcess --handle--> OpenProcessToken --handle--> AdjustTokenPrivileges
malproc --SE_DEBUG_NAME--> LookupPrivilegeValue --LUID--> AdjustTokenPrivileges
malproc --target process name--> CreateToolhelp32Snapshot --pid--> OpenProcess --hProcess--> VirtualAllocEx --lpRemoteMemory--> WriteProcessMemory
malproc --injected dll path--> GetFullPathName --path--> WriteProcessMemory
malproc --kernel32.dll--> GetModuleHandle --hKernel32--> GetProcAddress --lpLoadLibrary--> CreateRemoteThread
OpenProcess --hProcess--> CreateRemoteThread
VirtualAllocEx --lpRemoteMemory--> CreateRemoteThread --> dll((injected dll))
AdjustTokenPrivileges -. needed when process owned by another account .-> VirtualAllocEx
WriteProcessMemory -.-> CreateRemoteThread
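The chain above ends in CreateRemoteThread with a start address of kernel32!LoadLibrary*, which is exactly what Sysmon Event ID 8 (CreateRemoteThread) records in its StartModule/StartFunction fields. The following is an added detection example, not code from the original post; the two event messages are constructed samples in Sysmon's "Key: Value" message layout, and the self-injection and LoadLibraryEx cases go slightly beyond the diagram.

```python
"""Flag Sysmon Event ID 8 (CreateRemoteThread) records whose new thread starts
at kernel32!LoadLibrary*. Sample messages are constructed, not real telemetry."""
import re

# Two constructed Sysmon-style Event ID 8 messages, one "Key: Value" per line.
SAMPLE_EVENTS = r"""CreateRemoteThread detected:
SourceProcessId: 4120
SourceImage: C:\Users\victim\Downloads\updater.exe
TargetProcessId: 2316
TargetImage: C:\Windows\explorer.exe
StartModule: C:\Windows\System32\KERNEL32.DLL
StartFunction: LoadLibraryA
---
CreateRemoteThread detected:
SourceProcessId: 612
SourceImage: C:\Windows\System32\csrss.exe
TargetProcessId: 2316
TargetImage: C:\Windows\explorer.exe
StartModule: C:\Windows\System32\ntdll.dll
StartFunction: RtlUserThreadStart"""

# Thread starts produced by the chain above: LoadLibraryA/W and the Ex variants.
LOADLIBRARY = re.compile(r"^LoadLibrary(?:Ex)?[AW]$")

def parse_events(text: str) -> list[dict[str, str]]:
    """Split on '---' and turn each 'Key: Value' line into a dict field."""
    events = []
    for chunk in text.split("\n---\n"):
        fields = {}
        for line in chunk.strip().splitlines():
            key, sep, value = line.partition(": ")
            if sep:  # skips the "CreateRemoteThread detected:" banner line
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def is_loadlibrary_injection(event: dict[str, str]) -> bool:
    """True when a foreign process starts a thread at kernel32!LoadLibrary*."""
    if event.get("SourceProcessId") == event.get("TargetProcessId"):
        return False  # a process threading into itself is not injection
    if not event.get("StartModule", "").lower().endswith("\\kernel32.dll"):
        return False
    return LOADLIBRARY.match(event.get("StartFunction", "")) is not None

def find_injections(text: str) -> list[str]:
    """'source -> target' per hit. Triage by SourceImage: debuggers and some
    security products legitimately create threads this way."""
    return [f'{e["SourceImage"]} -> {e["TargetImage"]}'
            for e in parse_events(text) if is_loadlibrary_injection(e)]
```

The StartFunction field is only populated when Sysmon can resolve the address symbolically, so a hit on StartModule alone with an empty StartFunction still deserves a look.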