Posts

Showing posts from July, 2017

Five awesome tools to perform behavioural analysis of a malware

Introduction 
This post describes five awesome tools for performing behavioural analysis of malware. They are handy for a quick behavioural analysis to understand the characteristics of a malware specimen. The main objective of behavioural analysis is to pull out indicators of compromise that can be used to detect and defend proactively.

Tools 

Process Hacker (http://processhacker.sourceforge.net/)
Process Monitor (ProcMon) (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx)
CaptureBat (https://www.honeynet.org/node/315)
Microsoft Network Monitor (https://blogs.technet.microsoft.com/netmon/p/downloads/)
Autoruns (https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx)

Disclaimer

You are dealing with real malware samples.
Don't expose them to internal networks or the internet.
Analyze them in a controlled environment (sandbox).
We are not responsible for any consequences or damage if you fail to obey these rules.

Analysis

A Windows 7 virtual machine was set up with the above me…