| ID | C0054 |
|---|---|
| Objective(s) | Process |
| Related ATT&CK Techniques | None |
| Version | 2.2 |
| Created | 14 January 2021 |
| Last Modified | 30 April 2024 |

Malware resumes a thread.

| Tool: capa | Mapping | APIs |
|---|---|---|
| resume thread | Resume Thread (C0054) | kernel32.ResumeThread, ntdll.NtResumeThread, ntdll.ZwResumeThread, System.Threading.Thread::Resume |

Process::Resume Thread
SHA256: 465d3aac3ca4daa9ad4de04fcb999f358396efd7abceed9701c9c28c23c126db
Location: 0x41B345
```asm
push esi                            ; Where to store return value
mov ebx, param_1
mov param_1, dword ptr [ebx + 0x4]
push param_1                        ; Handle to thread to resume
call KERNEL32.DLL::ResumeThread     ; API call to resume thread
```
[1] capa v4.0, analyzed at MITRE on 10/12/2022