Practical Malware Analysis — Chapter 3 — Basic Dynamic Analysis

Sandboxes: The Quick & Dirty Approach

Running Malware

Monitoring with Process Monitor

Monitoring with Process Explorer

Using Dependency Walker

Comparing Registry Snapshots with Regshot

Faking a Network

  1. ApateDNS → https://www.fireeye.com/services/freeware/apatedns.html
  2. INetSim → https://techanarchy.net/blog/installing-and-configuring-inetsim
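ApateDNS works by answering every DNS query with one IP address of your choosing, normally the box running INetSim, so that whatever domains the sample looks up resolve to a host you control, and by logging each name that was asked for. The following is an added example of that mechanism, not code from the article, from ApateDNS or from INetSim; the answer address 10.0.0.2 and the UDP/53 listener are assumptions for an isolated lab network, and only standard A/IN queries are handled.

```python
"""Minimal ApateDNS-style fake DNS responder (added example, not code from
the article, ApateDNS or INetSim).

Every A query received is answered with one fixed IPv4 address (FAKE_IP,
assumed to be the analysis box running INetSim), so the sample's C2 and
download lookups resolve to a host we control, and every name it asks for
is logged.  Only the wire format needed for that is implemented.
"""
import socket
import struct
from typing import Optional, Tuple

FAKE_IP = "10.0.0.2"   # assumption: the INetSim host on the isolated lab network


def parse_qname(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode a DNS name (length-prefixed labels) starting at `offset`.
    Returns (dotted name, offset just past the terminating zero label)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:   # compression pointer: legal in answers, not in a question
            raise ValueError("compressed label in question name")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Encode a standard recursive query for `name` (used here to test offline)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def build_response(query: bytes, answer_ip: str = FAKE_IP, ttl: int = 60) -> Optional[bytes]:
    """Answer `query` with a single A record pointing at `answer_ip`.
    Returns None for anything that is not a standard A/IN query with one
    question (a real resolver would send FORMERR/NXDOMAIN; out of scope here)."""
    try:
        txid, flags, qdcount, _, _, _ = struct.unpack("!6H", query[:12])
        if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1:
            return None               # a response, a non-standard opcode, or != 1 question
        _, end = parse_qname(query, 12)
        qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    except (struct.error, IndexError, ValueError, UnicodeDecodeError):
        return None                   # truncated or malformed packet
    if qtype != 1 or qclass != 1:     # only A / IN is faked; AAAA, MX, ... are dropped
        return None
    # Header: same ID; QR=1, AA=1, RD copied from the query, RA=1, RCODE=0
    rflags = 0x8400 | (flags & 0x0100) | 0x0080
    header = struct.pack("!6H", txid, rflags, 1, 1, 0, 0)
    question = query[12:end + 4]
    # Answer RR: NAME = pointer to the question name at offset 12, TYPE A,
    # CLASS IN, TTL, RDLENGTH 4, RDATA = the IPv4 address
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(answer_ip)
    return header + question + answer


def answer_ip(response: bytes) -> str:
    """Extract the IPv4 address from the single answer RR this responder emits."""
    _, end = parse_qname(response, 12)
    rr = end + 4                      # answer RR starts right after QTYPE/QCLASS
    return socket.inet_ntoa(response[rr + 12:rr + 16])


def serve(bind: str = "0.0.0.0", port: int = 53, ip: str = FAKE_IP) -> None:
    """Answer every A query arriving on UDP/`port` and log who asked for what."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        resp = build_response(data, ip)
        if resp is None:
            continue
        name, _ = parse_qname(data, 12)
        print(f"{peer[0]} asked for {name} -> answered {ip}")
        sock.sendto(resp, peer)


if __name__ == "__main__":
    serve()   # UDP/53 is privileged: run as root/Administrator on the lab box
```

Point the victim VM's DNS server at the host running this (or at ApateDNS itself) and the log of queried names is often the quickest indicator of what the sample is trying to reach; the fixed answer then lets INetSim's HTTP/FTP/SMTP emulation catch the follow-up connections.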

Basic Dynamic Tools in Practice

  1. Running procmon and setting a filter on the malware executable name
    and clearing out all events just before running.
  2. Starting Process Explorer.
  3. Gathering a first snapshot of the registry using Regshot.
  4. Setting up your virtual network to your liking using INetSim and
    ApateDNS.
  5. Setting up network traffic logging using Wireshark.
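Step 3 is only the first half of the Regshot workflow: once the sample has run, a second shot is taken and the two are compared, and the report lists the keys and values that were added, deleted or modified. The following is an added example of that comparison, not code from the article or from Regshot. It reads two text dumps in the format `reg export` writes (Regshot's own snapshot files are a different format) and prints the same sections Regshot does; the two snapshots are constructed for the example, with a new Run entry, a flipped HideFileExt and a new key appearing in the "after" shot.

```python
"""Regshot-style registry snapshot comparison (added example, not code from
the article or from Regshot).  Parses two text dumps in the format `reg
export` writes and reports keys/values added, deleted and modified.
BEFORE and AFTER are constructed sample snapshots."""
import re
from typing import Dict, List

Snapshot = Dict[str, Dict[str, str]]   # key path -> {value name -> data}

BEFORE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\lab\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000000
"""

# Same hive after the sample ran: new Run entry, HideFileExt flipped, new key
AFTER = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\lab\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"WinUpdate"="C:\\Users\\lab\\AppData\\Roaming\\winupd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001

[HKEY_CURRENT_USER\Software\Lab\Bot]
"id"=hex:de,ad,\
  be,ef
"""

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data


def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)          # \\ -> \  and  \" -> "


def _decode(data: str) -> str:
    data = data.strip()
    if len(data) >= 2 and data[0] == '"' == data[-1]:
        return _unescape(data[1:-1])           # REG_SZ
    return data                                # dword:/hex: forms kept as exported


def parse_reg_export(text: str) -> Snapshot:
    """Parse a reg-export text dump into {key: {name: data}}."""
    snap: Snapshot = {}
    current = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            snap.setdefault(current, {})
            continue
        if current is None:
            raise ValueError(f"value before any key: {line!r}")
        while line.endswith("\\") and i < len(lines):   # hex data wraps with trailing '\'
            line = line[:-1] + lines[i].strip()
            i += 1
        if line.startswith("@="):                     # the key's (Default) value
            snap[current]["@"] = _decode(line[2:])
            continue
        m = _VALUE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable value line: {line!r}")
        snap[current][_unescape(m.group(1))] = _decode(m.group(2))
    return snap


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, List[str]]:
    """The sections Regshot's compare reports, as sorted lists of 'path: data'."""
    report: Dict[str, List[str]] = {
        "keys_added": sorted(after.keys() - before.keys()),
        "keys_deleted": sorted(before.keys() - after.keys()),
        "values_added": [], "values_deleted": [], "values_modified": [],
    }
    for key in sorted(before.keys() | after.keys()):
        b, a = before.get(key, {}), after.get(key, {})
        for name in sorted(a.keys() - b.keys()):
            report["values_added"].append(f"{key}\\{name}: {a[name]}")
        for name in sorted(b.keys() - a.keys()):
            report["values_deleted"].append(f"{key}\\{name}: {b[name]}")
        for name in sorted(a.keys() & b.keys()):
            if a[name] != b[name]:
                report["values_modified"].append(f"{key}\\{name}: {b[name]} -> {a[name]}")
    return report


if __name__ == "__main__":
    # Real shots: `reg export HKCU before.reg /y` before running the sample and
    # `reg export HKCU after.reg /y` after; the files are UTF-16LE, so read them
    # with open(path, encoding="utf-16") before passing the text in.
    for section, items in diff_snapshots(parse_reg_export(BEFORE), parse_reg_export(AFTER)).items():
        print(f"{section}: {len(items)}", *items, sep="\n  ")
```

As with Regshot, the noise from Windows itself (Explorer MRU lists, timestamps, CryptoAPI caches) shows up in the same report, so the habit from step 3 matters: take the first shot as late as possible, right before the sample is launched, and the second as soon as the behaviour of interest has occurred.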

NOTE

Conclusion

Kamran Saifullah

Malware/RE/Firmware Analysis, App Sec/Off Sec, VAPT, Phishing Simulations/SE | Risk Management, IS Governance, Audits, ISO 27001 LI