search

[Day 12] Malware Analysis

December 12, 2022

Today I studied static and dynamic malware analysis. As opposed to having automated sandbox tools do work, I needed to get more information with manual analysis.

hashtag
Tools used

Detect It Easyarrow-up-right

Capaarrow-up-right

hashtag
Flags

hashtag
What is the architecture of the malware sample? (32-bit/64-bit)

64-bit

hashtag
What is the packer used in the malware sample? (format: lowercase)

upx

hashtag
What is the compiler used to build the malware sample? (format: lowercase)

nim

hashtag
How many MITRE ATT&CK techniques have been discovered attributed to the DISCOVERY tactic?

2

hashtag
What is the registry key abused by the malware?

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

hashtag
What is the value written on the registry key based on the previous question?

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wishes.bat

hashtag
What are the names of two files created by the malware under the C:\Users\Administrator\ directory? (format: file1,file2 in alphabetical order)

test.jpg,wishes.bat

hashtag
What are the two domains wherein malware has initiated a network connection? (format: domain1,domain2 in alphabetical order)

bestfestivalcompany.thm,virustotal.com

hashtag
Going back to strings inside the malware sample, what is the complete URL used to download the file hosted in the first domain accessed by the malware?

http://bestfestivalcompany.thm/favicon.ico

Previous[Day 11] Memory ForensicsNext[Day 13] Packet Analysis

Last updated