In this video, we will analyse our malware with some Dynamic Analysis tools
We will be using four tools:
ApateDNS, Process Explorer, Process Monitor and Regshot
First off, we will use ApateDNS and set 127.0.0.1 as the gateway
This tool will show any network based indicators such as connections to websites
Next up, we will use Process Explorer
This tool shows all the processes currently running
It will also highlight any newly created processes in bright green
Also with regards to processes, Process Monitor will filter out and show you every action done by the malware
We add in some common Windows APIs to monitor for any actions on the host
Our last tool will be Regshot
This tool captures the state of the registry before and after running the malware
With all our tools ready and running, we now run the malware
Immediately, Process Explorer detected our malware
Back in the Process Monitor, we see that our malware made many changes to the registry
All the registry edits, along with the massive amount of files created, were recorded and shown
Now that our malware has finished executing, we can take our second shot
After that is done, we compare the two states and generate a report
As seen here, registry changes are recorded and shown
These newly added registry keys will allow the malware to survive a computer reboot
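The two-shot compare described above, as an added example that is not part of the video or of Regshot itself: a Python diff of two constructed registry snapshots that also flags new values under common autostart keys, which is what an analyst looks for when judging whether a sample survives a reboot (the snapshot dict format, the sample key names and the file paths are assumptions).

```python
"""Regshot-style two-shot registry compare with a persistence triage pass.

Snapshots are constructed dicts mapping "HIVE\\key\\path" -> {value_name: data};
a real run would fill them from exports taken before and after the sample runs.
"""
from dataclasses import dataclass, field

# Autostart locations checked first for reboot survival (case-insensitive prefixes).
AUTOSTART_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\System\CurrentControlSet\Services",
)

@dataclass
class RegDiff:
    keys_added: list = field(default_factory=list)
    keys_deleted: list = field(default_factory=list)
    values_changed: list = field(default_factory=list)  # (key, name, old, new)

def diff_snapshots(before, after):
    """Compare shot 1 and shot 2 the way Regshot's Compare does."""
    d = RegDiff()
    d.keys_added = sorted(set(after) - set(before))
    d.keys_deleted = sorted(set(before) - set(after))
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            if old.get(name) != new.get(name):
                d.values_changed.append((key, name, old.get(name), new.get(name)))
    return d

def persistence_hits(d):
    """Return values that were added or changed under a known autostart key."""
    return [(key, name, new) for key, name, _old, new in d.values_changed
            if new is not None
            and any(key.lower().startswith(p.lower()) for p in AUTOSTART_KEYS)]

# Constructed sample data: shot 1 before running the sample, shot 2 afterwards.
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SHOT1 = {RUN: {"OneDrive": r"C:\Users\lab\OneDrive.exe"},
         r"HKCU\Software\Lab": {"Installed": "1"}}
SHOT2 = {RUN: {"OneDrive": r"C:\Users\lab\OneDrive.exe",
               "Updater": r"C:\Users\lab\AppData\Roaming\svc.exe"},
         r"HKCU\Software\Sample": {"id": "42"}}

if __name__ == "__main__":
    report = diff_snapshots(SHOT1, SHOT2)
    print("Keys added:", report.keys_added, "Keys deleted:", report.keys_deleted)
    for hit in persistence_hits(report):
        print("Persistence candidate:", hit)
```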