
    Introduction to Malware Analysis


    Dynamic Malware Analysis

    Dynamic Analysis Tools for Malware Analysis

    Network traffic analyzer

    In the realm of malware analysis, dynamic analysis tools play a crucial role. These tools allow analysts to observe and record the behavior of malware in a controlled environment, providing valuable insights into its functionality, communication methods, and overall impact on the infected system. This article introduces some of the most commonly used dynamic analysis tools and explains what each one reveals about a sample.

    Wireshark

    Wireshark is a widely used network protocol analyzer. It allows you to capture and interactively browse the traffic running on a computer network. It is used in dynamic malware analysis to monitor the network traffic generated by the malware. This can help identify any remote servers the malware communicates with, the data it sends and receives, and the protocols it uses.

    To use Wireshark effectively, you need to understand the basics of network protocols like TCP/IP and HTTP. You should also be familiar with the concept of network ports and how to filter network traffic using Wireshark's powerful filtering capabilities.
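What the capture-and-filter workflow described above boils down to, as an added example that is not part of the original page: a minimal pcap reader that lists the outside endpoints a sandboxed sample contacted, run over a constructed capture (the IP addresses, ports and sandbox subnet are made-up sample values).

```python
import ipaddress
import struct
from collections import Counter

PROTO_NAMES = {6: "TCP", 17: "UDP"}

def parse_pcap(data):
    """Yield (src_ip, dst_ip, proto, dst_port) for each Ethernet/IPv4 TCP or UDP frame."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"  # pcap magic number fixes byte order
    offset = 24                                    # skip the 24-byte global header
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType must be IPv4
            continue
        src, dst = (str(ipaddress.ip_address(frame[i:i + 4])) for i in (26, 30))
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]   # skip IHL*4 bytes of IPv4 header
        if frame[23] in PROTO_NAMES and len(l4) >= 4:
            yield src, dst, PROTO_NAMES[frame[23]], struct.unpack("!H", l4[2:4])[0]

def remote_endpoints(data, local_net="10.0.0.0/8"):
    """Count outbound packets per (dst_ip, proto, dst_port), like a filter for traffic leaving the sandbox."""
    net = ipaddress.ip_network(local_net)
    hits = Counter()
    for src, dst, proto, dport in parse_pcap(data):
        if ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) not in net:
            hits[(dst, proto, dport)] += 1
    return hits

def build_frame(src, dst, proto, sport, dport):
    # Constructed Ethernet/IPv4 frame with a bare 20-byte L4 header, checksums zeroed.
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    # Little-endian pcap file header (link type 1 = Ethernet) followed by the records.
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed capture: HTTPS and DNS to outside hosts, an internal SMB packet and an inbound reply.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "198.51.100.20", 6, 49152, 443),
    build_frame("10.0.0.5", "203.0.113.9", 17, 52000, 53),
    build_frame("10.0.0.5", "10.0.0.1", 6, 49153, 445),
    build_frame("198.51.100.20", "10.0.0.5", 6, 443, 49152),
])
```

The internal SMB packet and the inbound reply are dropped by the subnet check, leaving only the two outside endpoints, which is the list you would then pivot on in Wireshark's conversation view.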

    Process Monitor

    Process Monitor is a monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. It combines the features of two older Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements.

    In the context of dynamic malware analysis, Process Monitor can be used to observe the changes a piece of malware makes to the file system and the Windows Registry. It can also show you which processes the malware interacts with and any DLLs it loads.

    Process Explorer

    Process Explorer is another Sysinternals tool that can be used in dynamic malware analysis. It provides a more detailed view of the processes running on your system than the standard Windows Task Manager.

    Process Explorer can show you detailed information about a process including its icon, command-line, full image path, memory statistics, user account, security attributes, and more. It can also show the loaded DLLs and mapped files, which can be useful in malware analysis.

    Regshot

    Regshot is an open-source registry compare utility that allows you to take a snapshot of your system's registry and then compare it with another snapshot taken after a change has been made. This can be extremely useful in dynamic malware analysis to identify the changes a piece of malware makes to the Windows Registry.

    To use Regshot, you would typically take a snapshot of the registry before running the malware, and then another snapshot after the malware has run. Regshot will then compare the two snapshots and show you the changes.
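The comparison step reduced to its essentials, as an added example that is not Regshot's own code: two constructed snapshots of a registry subtree (plain dictionaries, so this runs on any OS) are diffed into the same change categories Regshot reports, followed by the check an analyst typically runs first on the result. All key paths, value names and data here are made-up sample values.

```python
# Snapshot format: {key_path: {value_name: data}}. Constructed sample data, not a live registry.
AUTOSTART_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
)

def diff_snapshots(before, after):
    """Return the five change categories Regshot reports between two snapshots."""
    report = {"keys_added": [], "keys_deleted": [], "values_added": [],
              "values_deleted": [], "values_modified": []}
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old is None:
            report["keys_added"].append(key)
        elif new is None:
            report["keys_deleted"].append(key)
        for name in sorted(set(old or {}) | set(new or {})):
            path = f"{key}\\{name}"
            if old is None or name not in old:
                report["values_added"].append((path, new[name]))
            elif new is None or name not in new:
                report["values_deleted"].append((path, old[name]))
            elif old[name] != new[name]:
                report["values_modified"].append((path, old[name], new[name]))
    return report

def autostart_changes(report):
    """Added or modified values under the common autostart keys: the first thing to
    inspect in a diff, since it is where persistence usually shows up."""
    changed = report["values_added"] + [(p, n) for p, _, n in report["values_modified"]]
    return [(p, d) for p, d in changed if p.rsplit("\\", 1)[0] in AUTOSTART_KEYS]

# Constructed snapshots: after the run, one Run value and one new key were added
# and ProxyEnable flipped from 0 to 1.
BEFORE = {
    AUTOSTART_KEYS[0]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings": {"ProxyEnable": 0},
}
AFTER = {
    AUTOSTART_KEYS[0]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
                        "Updater": r"C:\Users\Public\sample.exe"},
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings": {"ProxyEnable": 1},
    r"HKCU\Software\SampleVendor": {"InstallDate": "20240101"},
}
```

Regshot's own output is a text report in these same categories; the diff logic above is what turns two snapshots into it, and timing the snapshots tightly around the run keeps unrelated OS churn out of the result.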

    In conclusion, dynamic analysis tools are essential for effective malware analysis. They allow you to observe the behavior of malware in a controlled environment and provide valuable insights into its functionality and impact on the infected system. By understanding how to use these tools, you can significantly enhance your malware analysis skills.
