Suspend Inject and Resume

In thread execution hijacking, malware targets an existing thread of a process and so avoids noisy process or thread creation operations. As a result, during analysis it is possible to see calls to CreateToolhelp32Snapshot and Thread32First followed by OpenThread.
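The call sequence described above can be searched for in an API trace. The following is an added example, not code from the original page: the trace line format, the sample lines, the function name find_thread_enum_then_open and the max_gap parameter are all assumptions made for illustration.

```python
import re

# Ordered API sequence named in the text above.
SEQUENCE = ("CreateToolhelp32Snapshot", "Thread32First", "OpenThread")

# Constructed trace format (an assumption): "<seq> pid=<pid> <Api>(<args>)"
LINE_RE = re.compile(r"^(\d+)\s+pid=(\d+)\s+(\w+)\(")

# Constructed sample trace, not output from a real sandbox.
SAMPLE_TRACE = """\
1 pid=4120 CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD)
2 pid=992 CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD)
3 pid=4120 Thread32First()
4 pid=4120 Thread32Next()
5 pid=992 Thread32First()
6 pid=1500 OpenThread(tid=1504)
7 pid=4120 OpenThread(tid=7788)
8 pid=992 CloseHandle()
garbage line the parser must skip
"""

def find_thread_enum_then_open(trace, max_gap=50):
    """Return [(pid, first_seq, last_seq)] for each process whose calls contain
    SEQUENCE in order, with at most max_gap trace entries from start to end."""
    state = {}   # pid -> (index of next expected API, seq where the match began)
    hits = []
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed or unrelated lines
        seq, pid, api = int(m.group(1)), int(m.group(2)), m.group(3)
        idx, start = state.get(pid, (0, None))
        if idx and seq - start > max_gap:
            idx, start = 0, None          # stale partial match: start over
        if api == SEQUENCE[0]:
            idx, start = 1, seq           # a fresh snapshot restarts the match
        elif idx and api == SEQUENCE[idx]:
            idx += 1
        if idx == len(SEQUENCE):
            hits.append((pid, start, seq))
            idx, start = 0, None
        state[pid] = (idx, start)
    return hits

if __name__ == "__main__":
    print(find_thread_enum_then_open(SAMPLE_TRACE))
```

Matching is done per process, so interleaved calls from other processes do not produce a hit. Debuggers and monitoring tools also enumerate and open threads, so a match is a lead for triage rather than a verdict.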
