[Day 12] Malware Analysis

December 12, 2022

Today I studied static and dynamic malware analysis. As opposed to having automated sandbox tools do the work, I needed to get more information with manual analysis.

Tools used

Detect It Easy

Capa

Flags

What is the architecture of the malware sample? (32-bit/64-bit)

64-bit

What is the packer used in the malware sample? (format: lowercase)

upx

What is the compiler used to build the malware sample? (format: lowercase)

nim
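The architecture and packer answers above come from header triage of the kind Detect It Easy automates. The following is an added example, not part of the original post and not code from TryHackMe or from the DIE or capa projects: it reads the COFF Machine field to get the bitness and looks for the section names UPX writes into packed binaries. The header-only sample it parses is constructed inline (it is not the day's malware sample), and the compiler question is not covered here, since identifying nim relies on string signatures rather than header fields.

```python
import struct
from typing import List, Optional

# Machine values from the COFF file header (IMAGE_FILE_MACHINE_*).
MACHINE_TYPES = {
    0x014C: "32-bit (x86)",
    0x8664: "64-bit (x64)",
    0x01C0: "32-bit (ARM)",
    0xAA64: "64-bit (ARM64)",
}

# Section names the stock UPX packer writes; a renamed-section build will not match.
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}


def parse_pe(data: bytes) -> dict:
    """Return the Machine value, a human-readable architecture and the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ signature)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes in total).
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    section_table = coff + 20 + opt_size
    names: List[bytes] = []
    for i in range(n_sections):
        off = section_table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0"))
    return {
        "machine": machine,
        "arch": MACHINE_TYPES.get(machine, "unknown (0x%04x)" % machine),
        "sections": names,
    }


def detect_packer(sections: List[bytes]) -> Optional[str]:
    """Return 'upx' when UPX section names are present, else None."""
    return "upx" if any(s in UPX_SECTIONS for s in sections) else None


def triage(data: bytes) -> dict:
    """Combine both checks into the two static-analysis answers the post records."""
    info = parse_pe(data)
    return {"arch": info["arch"], "packer": detect_packer(info["sections"])}


def build_sample(machine: int, section_names: List[bytes]) -> bytes:
    """Construct a header-only PE image for testing (constructed data, not a real binary)."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0  # no optional header is needed to locate the section table
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, opt_size, 0)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    packed = build_sample(0x8664, [b"UPX0", b"UPX1", b".rsrc"])
    print(triage(packed))  # 64-bit (x64), packer upx
    print(triage(build_sample(0x014C, [b".text", b".data"])))  # 32-bit (x86), no packer
```

Section names are only a hint: a packer can be rebuilt with renamed sections, which is why tools like Detect It Easy also match entry-point byte signatures, and an unknown Machine value is reported rather than guessed.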

How many MITRE ATT&CK techniques have been discovered attributed to the DISCOVERY tactic?

2

What is the registry key abused by the malware?

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

What is the value written on the registry key based on the previous question?

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wishes.bat
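The registry key and value above are the classic Run-key persistence pattern: an autostart value whose data points at a script in a user-writable folder. As an added example (not part of the original post and not output from the sandbox or the sample), the detection below walks a constructed list of registry-write events in a Procmon-like shape and scores each write to a Run or RunOnce key by how closely the target resembles that pattern; the event records and the `score_event`/`find_persistence` helpers are assumptions for illustration.

```python
import re
from typing import Dict, List

# Constructed sample events (not real sandbox output); the first mirrors the
# key/value pair recorded in the flags above.
SAMPLE_EVENTS = [
    {"op": "RegSetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "wishes",
     "data": r"C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wishes.bat"},
    {"op": "RegSetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "name": "Hidden", "data": "1"},
    {"op": "RegSetValue",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "OneDrive",
     "data": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
]

# Autostart keys under either hive; matched by suffix so HKCU and HKLM both count.
AUTORUN_KEYS = (
    r"\Microsoft\Windows\CurrentVersion\Run",
    r"\Microsoft\Windows\CurrentVersion\RunOnce",
)
# Locations a standard user can write to, where dropped payloads usually live.
SUSPICIOUS_PATH = re.compile(r"(\\AppData\\|\\Users\\Public\\|\\Temp\\|\\Startup\\)", re.IGNORECASE)
# Script launchers rather than compiled executables.
SCRIPT_EXT = re.compile(r"\.(bat|cmd|vbs|js|ps1|hta|wsf)(?=\s|$|\")", re.IGNORECASE)


def is_autorun_key(key: str) -> bool:
    return any(key.upper().endswith(k.upper()) for k in AUTORUN_KEYS)


def score_event(ev: Dict[str, str]) -> List[str]:
    """Return the reasons an event looks like autostart persistence (empty if none)."""
    reasons: List[str] = []
    if ev["op"] != "RegSetValue" or not is_autorun_key(ev["key"]):
        return reasons
    reasons.append("write to Run/RunOnce autostart key")
    if SUSPICIOUS_PATH.search(ev["data"]):
        reasons.append("target in user-writable location")
    if SCRIPT_EXT.search(ev["data"]):
        reasons.append("target is a script file")
    return reasons


def find_persistence(events: List[Dict[str, str]]) -> List[dict]:
    """Collect every autostart write, highest score first."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            hits.append({"key": ev["key"], "name": ev["name"], "data": ev["data"],
                         "reasons": reasons, "score": len(reasons)})
    return sorted(hits, key=lambda h: h["score"], reverse=True)


if __name__ == "__main__":
    for hit in find_persistence(SAMPLE_EVENTS):
        print(hit["score"], hit["key"], hit["name"], "->", hit["data"], hit["reasons"])
```

A legitimate Run entry such as the OneDrive one still scores 1, which is why the score is a triage aid rather than a verdict: every autostart write deserves a look, but the entries that also point at a script in AppData or the Startup folder are the ones to open first.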

What are the names of two files created by the malware under the C:\Users\Administrator\ directory? (format: file1,file2 in alphabetical order)

test.jpg,wishes.bat

What are the two domains wherein malware has initiated a network connection? (format: domain1,domain2 in alphabetical order)

bestfestivalcompany.thm,virustotal.com

Going back to strings inside the malware sample, what is the complete URL used to download the file hosted in the first domain accessed by the malware?

http://bestfestivalcompany.thm/favicon.ico
