Thread Execution Hijacking

In thread execution hijacking, malware targets an existing thread of a process and avoids any noisy process or thread creations operations. Therefore, during analysis it is possible to see calls to CreateToolhelp32Snapshot and Thread32First followed by OpenThread.

U1223

Additional Resources

Subscribe to our Newsletter and don't miss important updates