Practical Malware Analysis — Chapter 3 — Basic Dynamic Analysis

Sandboxes: The Quick & Dirty Approach

Running Malware

Monitoring with Process Monitor

Monitoring with Process Explorer

Using Dependency Walker

Comparing Registry Snapshots with Regshot

Faking a Network

  1. ApateDNS
  2. INetSim

Basic Dynamic Tools in Practice

  1. Running procmon, setting a filter on the malware executable name, and
     clearing out all events just before running.
  2. Starting Process Explorer.
  3. Gathering a first snapshot of the registry using Regshot.
  4. Setting up your virtual network to your liking using INetSim.
  5. Setting up network traffic logging using Wireshark.
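As an added example (not code from the book or from this article), the following Python script shows what an ApateDNS-style fake DNS server from the "Faking a Network" step does in the lab: it logs every name the sample asks for and answers each A query with the analyst's sinkhole address. The sinkhole address `10.0.0.2` (assumed to be the VM running INetSim) and the `example.com` query in the test are constructed values.

```python
import socket
import struct

SINKHOLE_IP = "10.0.0.2"  # assumption: the analysis VM where INetSim listens

def parse_query_name(packet: bytes):
    """Return (qname, offset just past the question) for the first DNS question."""
    labels = []
    pos = 12  # skip the 12-byte DNS header
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), pos + 4  # +4 skips QTYPE and QCLASS

def build_fake_response(query: bytes, redirect_ip: str, ttl: int = 60) -> bytes:
    """Answer an A query with redirect_ip; other types get an empty NOERROR reply."""
    txn_id = query[:2]
    qname, question_end = parse_query_name(query)
    question = query[12:question_end]  # copy the question section verbatim
    qtype = struct.unpack("!H", query[question_end - 4:question_end - 2])[0]
    if qtype != 1:  # not an A record: flags=standard response, ANCOUNT=0
        return txn_id + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0) + question
    header = txn_id + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    # Answer RR: compression pointer to the name at offset 12, type A, class IN,
    # TTL, RDLENGTH 4, then the sinkhole IPv4 address as RDATA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(redirect_ip)
    return header + question + answer

def serve(bind_addr: str = "0.0.0.0", port: int = 53):
    """Receive UDP DNS queries, log each requested name, reply with the sinkhole."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            qname, _ = parse_query_name(data)
        except (IndexError, UnicodeDecodeError):
            continue  # malformed packet: ignore it rather than crash the lab server
        print(f"{peer[0]} asked for {qname} -> answering {SINKHOLE_IP}")
        sock.sendto(build_fake_response(data, SINKHOLE_IP), peer)

if __name__ == "__main__":
    serve()
```

Point the VM's DNS setting at the host running this script so that the logged names appear in the same session as the Procmon and Wireshark captures.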

Kamran Saifullah