Malware Analysis – Perform Dynamic & Static Analysis


Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL.

Example:

Let’s say we have received an email that includes a file or a URL. We want to check whether the file attached to the email is malware or not; this is a scenario where malware analysis comes in.

Malware Analysis Live [Practical]

https://youtu.be/Nq7tykqseoo

Malware analysis categories:

1. Static Analysis

2. Dynamic Analysis

Static Analysis

Static analysis examines the sample or file as it is, without executing it.

There are many ways to perform static analysis on a file, for example:

  • Signature-based detection
  • Permission-based detection
  • Source code review
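As an added example (not code from the original post), the script below performs a small static triage of a file's raw bytes without running it: it computes the hashes you would look up in a service such as VirusTotal (the same values HashTab shows), checks them against a known-bad list, and pulls printable strings, URLs, IP addresses and registry paths out of the bytes. The sample bytes and the empty signature list are constructed for the example, not taken from a real file.

```python
"""Static triage of a suspicious file without executing it (added example)."""
import hashlib
import re

# Constructed stand-in for an e-mail attachment; this is NOT real malware,
# just a fake MZ header followed by a few strings an analyst would care about.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 28
    + b"This program cannot be run in DOS mode.\x00" * 1
    + b"\x00" * 8
    + b"http://203.0.113.10/update.bin\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x01\x02\x03"
)

# Constructed "signature database": SHA-256 values of known-bad files.
# Empty here; a real list would come from a threat-intel feed or past cases.
KNOWN_BAD_SHA256 = set()

IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL = re.compile(r"https?://[\w.\-]+(?::\d+)?(?:/[\w./\-]*)?")
PERSISTENCE_MARKER = "\\CurrentVersion\\Run"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the bytes, the values a hash-lookup service expects."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def printable_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII at least min_len long (what the `strings` tool prints)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def is_pe(data: bytes) -> bool:
    """Windows executables start with the 'MZ' DOS header magic."""
    return data[:2] == b"MZ"


def triage(data: bytes) -> dict:
    """Collect hashes, file type hint and network/registry indicators from the bytes."""
    hashes = file_hashes(data)
    strings = printable_strings(data)
    return {
        "hashes": hashes,
        "is_pe": is_pe(data),
        "known_bad": hashes["sha256"] in KNOWN_BAD_SHA256,
        "urls": sorted({u for s in strings for u in URL.findall(s)}),
        "ips": sorted({ip for s in strings for ip in IPV4.findall(s)}),
        # Strings naming the Run key hint at persistence; worth a closer look.
        "persistence_hints": [s for s in strings if PERSISTENCE_MARKER in s],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Nothing here executes the sample: every indicator comes from reading bytes, which is the point of static analysis. The indicators it surfaces (a URL to fetch, an IP, a Run-key path) are exactly what you would then confirm or refute in the dynamic phase.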

TryHackMe has a complete module on Malware Analysis if you want to check it out:

https://tryhackme.com/module/malware-analysis

Dynamic Analysis

Dynamic analysis essentially involves executing the sample and observing what happens. This is of course not safe in itself, because the file could be malware or ransomware that encrypts your files, attacks your network, and so on.

Example:

Back to the previous example: we received an email that includes a file. What we do here is download the file and execute it on our machine, then observe how it behaves: which registry keys were modified or created, which IP addresses the file tries to connect to, whether it downloads anything from the internet, and so on.

It isn’t necessary to execute the file on our own machine; instead, we can use online sandboxing services that let us upload the file to their sandbox and do the analysis for us, which is much safer.
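The behaviours listed above (registry changes, outbound connections, downloaded files) are what you read off Process Hacker, TCPView or a sandbox report. As an added example that is not part of the original post, the script below takes such observations as a simple event log and turns them into a per-process summary plus a few findings. The CSV-style line format (`timestamp,process,pid,operation,target`) and every event line are constructed for this example; they are not output from any real tool or sample.

```python
"""Summarise dynamic-analysis observations into findings (added example)."""
from collections import defaultdict

# Constructed monitoring events for a hypothetical attachment "invoice.exe".
# Format: timestamp,process,pid,operation,target  (invented for this example)
EVENTS = r"""
2024-05-01T10:00:01Z,invoice.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
2024-05-01T10:00:02Z,invoice.exe,4120,TCPConnect,203.0.113.10:443
2024-05-01T10:00:03Z,invoice.exe,4120,WriteFile,C:\Users\analyst\AppData\Local\Temp\stage2.exe
2024-05-01T10:00:04Z,invoice.exe,4120,ProcessCreate,C:\Users\analyst\AppData\Local\Temp\stage2.exe
2024-05-01T10:00:05Z,stage2.exe,4388,TCPConnect,198.51.100.7:8080
2024-05-01T10:00:06Z,explorer.exe,1532,RegQueryValue,HKCU\Software\Classes
"""

# Autostart locations commonly abused for persistence (well-known Run keys).
PERSISTENCE_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")


def parse_events(text: str) -> list:
    """Parse the constructed log format into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, pid, op, target = line.split(",", 4)
        events.append({"ts": ts, "process": proc, "pid": int(pid), "op": op, "target": target})
    return events


def summarize(events: list) -> dict:
    """Group observed behaviour by process and derive simple findings."""
    per_proc = defaultdict(lambda: {
        "registry_writes": [], "connections": [], "files_written": [], "children": [],
    })
    for e in events:
        rec = per_proc[e["process"]]
        if e["op"] == "RegSetValue":
            rec["registry_writes"].append(e["target"])
        elif e["op"] == "TCPConnect":
            rec["connections"].append(e["target"])
        elif e["op"] == "WriteFile":
            rec["files_written"].append(e["target"])
        elif e["op"] == "ProcessCreate":
            rec["children"].append(e["target"])
        # Read-only operations (RegQueryValue etc.) are not tracked here.

    findings = []
    for proc, rec in per_proc.items():
        for key in rec["registry_writes"]:
            if any(marker in key.lower() for marker in PERSISTENCE_KEYS):
                findings.append(f"{proc}: persistence via autostart key {key}")
        # A file the process wrote and then launched is the classic dropper pattern.
        written = {path.lower() for path in rec["files_written"]}
        for child in rec["children"]:
            if child.lower() in written:
                findings.append(f"{proc}: wrote and then executed {child}")

    remote_ips = sorted({c.rsplit(":", 1)[0] for rec in per_proc.values() for c in rec["connections"]})
    return {"processes": dict(per_proc), "remote_ips": remote_ips, "findings": findings}


if __name__ == "__main__":
    report = summarize(parse_events(EVENTS))
    print("Remote IPs:", report["remote_ips"])
    for finding in report["findings"]:
        print("Finding:", finding)
```

The summary is what you would hand to the next step: the remote IPs go to a reputation lookup or a firewall block list, the Run-key value and the dropped file path become indicators to hunt for on other hosts.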

URLs:

HashTab: https://bit.ly/3HCbVxB

VirusTotal: https://bit.ly/3B4zP29

Process Hacker 2: https://bit.ly/3si9g5W

TCPView: https://bit.ly/3JaGZFg

Hybrid Analysis: https://bit.ly/3B2I6DN

Any Run: https://any.run/

Saad Sarraj

I am passionate about CyberSecurity and Ethical Hacking/Penetration Testing. I am also a TryHackMe Top 1% CTF Player.
