Dynamic Analysis
Dynamic analysis (behavioral analysis) involves analyzing a sample by
executing it in an isolated environment and monitoring its activities,
interaction, and effect on the system.
System And Network Monitoring
During dynamic analysis, when the malware is executed, you will carry out various
monitoring activities. The objective is to gather real-time data related to malware
behavior and its impact on the system. The following list outlines different types of
monitoring carried out during dynamic analysis:
• Process monitoring: Involves monitoring the process activity and examining the
properties of the resulting process during malware execution.
• File system monitoring: Includes monitoring the real-time file system activity during
malware execution.
• Registry monitoring: Involves monitoring the registry keys accessed/modified and
the registry data that is being read/written by the malicious binary.
• Network monitoring: Involves monitoring the live traffic to and from the system
during malware execution.
Dynamic Analysis (Monitoring) Tools
Process Inspection with Process Hacker
• Process Hacker is an open source, multi-purpose tool that helps in monitoring
system resources.
• It is a great tool for examining the processes running on the system and for
inspecting process attributes. It can also be used to explore services, network
connections, disk activity, and so on.
Determining System Interaction with Process Monitor
Process Monitor is an advanced monitoring tool that shows the real-time
interaction of the processes with the filesystem, registry, and process/thread
activity.
Capturing Network Traffic With Wireshark
• Wireshark is a packet sniffer that allows you to capture the network traffic.
• When the malware is executed, you will want to capture the network traffic generated as
a result of running the malware; this will help you understand the communication
channel used by the malware and will also help in determining network-based
indicators.
• To invoke Wireshark on Linux, run the following command:
$ sudo wireshark
Dynamic Analysis Steps
The following list outlines the steps involved in dynamic analysis:
• Reverting to the clean snapshot: This includes reverting your virtual machines to a clean state.
• Running the monitoring/dynamic analysis tools: In this step, you will run the monitoring tools
before executing the malware specimen. To get the most out of the monitoring tools covered in the
previous section, you need to run them with administrator privileges.
• Executing the malware specimen: In this step, you will run the malware sample with administrator
privileges.
• Stopping the monitoring tools: This involves terminating the monitoring tools after the malware
• Analyzing the results: This involves collecting the data/reports from the monitoring tools and
analyzing them to determine the malware's behavior and functionality.
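The "Analyzing the results" step in practice, as an added example that is not part of the original material: a short Python script that reads a Process Monitor CSV export, keeps only the events of the malware specimen's process, and buckets them into the four monitoring categories listed above (process, file system, registry, network). It assumes Procmon's CSV export column names (Time of Day, Process Name, PID, Operation, Path, Result, Detail) and uses a constructed sample log with a placeholder process name.

```python
"""Summarise a Process Monitor CSV export for one specimen process."""
import csv
import io
from collections import defaultdict

# Constructed sample in Procmon's CSV export layout (assumed column names);
# specimen.exe is a placeholder, not a real sample.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.100","specimen.exe","4120","Process Start","","SUCCESS","Parent PID: 3088"
"10:01:02.150","specimen.exe","4120","CreateFile","C:\\Users\\lab\\AppData\\Roaming\\svc.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.160","specimen.exe","4120","WriteFile","C:\\Users\\lab\\AppData\\Roaming\\svc.exe","SUCCESS","Length: 65536"
"10:01:02.200","specimen.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc","SUCCESS","Type: REG_SZ"
"10:01:02.300","specimen.exe","4120","TCP Connect","lab-vm:49712 -> 203.0.113.10:443","SUCCESS","Length: 0"
"10:01:02.400","explorer.exe","3088","RegQueryValue","HKCU\\Software\\Classes\\exefile","SUCCESS","Type: REG_SZ"
"10:01:02.500","specimen.exe","4120","Process Create","C:\\Windows\\System32\\cmd.exe","SUCCESS","PID: 4300"
"""


def categorise(operation):
    """Map a Procmon operation name onto one of the four monitoring categories."""
    op = operation.lower()
    if op.startswith("reg"):
        return "registry"
    if op.startswith(("tcp", "udp")):
        return "network"
    if op.startswith(("process", "thread", "load image")):
        return "process"
    return "file system"  # CreateFile, WriteFile, ReadFile, CloseFile, ...


def summarise(csv_text, process_name):
    """Return {category: [(operation, path), ...]} for the named process only."""
    events = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue  # drop noise from unrelated processes (e.g. explorer.exe)
        events[categorise(row["Operation"])].append((row["Operation"], row["Path"]))
    return dict(events)


if __name__ == "__main__":
    for category, items in summarise(SAMPLE_CSV, "specimen.exe").items():
        print(f"[{category}] {len(items)} event(s)")
        for op, path in items:
            print(f"    {op}: {path}")
```

On a real capture, replace SAMPLE_CSV with the contents of the file produced by Procmon's File > Save (CSV) and pass the specimen's process name; the output then shows the dropped file, the Run-key persistence entry, the outbound connection and the spawned child process as separate categories.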