GREM Question #74: Real Exam Question with Answer & Explanation

The correct answer is B: It signifies that the malware may be attempting process hollowing. See the full explanation below for the reasoning.

Question

In the context of malware analysis, what is the significance of identifying a call to the CreateProcess function with the CREATE_SUSPENDED flag?

Options

  • A. It indicates the creation of a backup copy of the malware.
  • B. It signifies that the malware may be attempting process hollowing.
  • C. It is a standard practice for all Windows applications for better performance.
  • D. It denotes that the malware is self-replicating.
