Attackers execute NETWIRE backdoor trojan using a process hollowing technique

From cyware.com

The Process Hollowing technique involves the use of VBScript, PowerShell, and the .NET framework.
The capabilities of the NETWIRE trojan includes keylogging, reverse shell, and password theft.

Researchers have come across a new phishing campaign in which attackers targeted multiple customers by using a fileless code injection attack. Dubbed as ‘Process Hollowing’, the technique involved the use of VBScript, PowerShell, and the .NET framework. The phishing campaign was discovered in February 2019.