PMA 221: Basic Dynamic Analysis (30 pts + 30 extra)

You will need the Malware Analysis Cloud Machine you prepared in a previous project, running Windows Server 2016.

Basic Static Analysis

Downloading and Extracting the Sample

As shown below, if you expand "SECTION .rdata" and click "IMPORT Address Table", as you scroll you will see functions such as WriteConsoleW, which assist us in identifying what the exe is doing.

Scroll up and find the key definitions, including C:\windows\vmx32to64.exe - an interesting file. These look like strings used by a keylogger.

Dynamic analysis is simple: run monitoring tools, then run the malware, and let it have its way
Technique, trusting a system that is being
We will use these three programs to see what the

Go to and save/run the Windows Installer (64-bit) file. Install Wireshark with the default options.

Start Wireshark and begin capturing packets from the interface that goes to the Internet; it should be "Ethernet".

There will be a lot of traffic at the start because you are running RDP from your host machine to the Windows cloud machine. To filter out the RDP traffic, enter this into the Wireshark display filter bar, replacing 192.168.10.10 with your host machine IP address:

Note: To get the IP of your host machine, Google search "What's My IP?". This is a display filter, so the RDP packets are still captured; they are only hidden from view.

Once that filter is entered, you can stop and start the capture again by clicking the red box and the blue fin above the filter bar. Close any open web browsers to limit the traffic.

Note: For this project, no web requests will be made by the malware, but it's a good idea to monitor network traffic when running malware.

In Windows Event Viewer, which will typically

Go to and download / extract Process Monitor. You see Process Monitor, with a lot of visible events. Repeat the process until all current processes are

In File Explorer, right-click key.exe and choose Run as Administrator.
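Process Monitor shows every event on the system, so after the sample has run the useful work is cutting the log down to what the one process did. The script below is an added example, not part of the original project: it reads a Process Monitor CSV export (File > Save, CSV format; the header line matches Procmon's default columns) and pulls out the events for one process name, counts them by operation, and flags the things an analyst looks at first: files written under the Windows directory, values set under a Run key, and any TCP/UDP operations. The CSV rows are constructed for the example, including the process name key.exe and the dropped-file path from the strings above; the Run value name "Updater" and the other paths are invented and not observed behaviour of the page's sample.

```python
import csv
import io
from collections import Counter

# Constructed sample of a Process Monitor CSV export (File > Save, CSV format).
# The header matches Procmon's default columns; every data row is made up for
# this example and is not output recorded from the page's sample.
PROCMON_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","svchost.exe","812","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ"
"10:01:02.2000000","key.exe","4120","Process Start","","SUCCESS","Parent PID: 2220"
"10:01:02.3000000","key.exe","4120","CreateFile","C:\Windows\vmx32to64.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.4000000","key.exe","4120","WriteFile","C:\Windows\vmx32to64.exe","SUCCESS","Offset: 0, Length: 7,168"
"10:01:02.5000000","key.exe","4120","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Data: C:\Windows\vmx32to64.exe"
"10:01:02.6000000","explorer.exe","3008","ReadFile","C:\Windows\explorer.exe","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.7000000","key.exe","4120","CreateFile","C:\Users\Admin\AppData\Local\Temp\keys.log","NAME NOT FOUND","Desired Access: Read"
"""

# Substrings used to classify paths; lower-cased because Procmon prints the
# case the caller used, which varies between samples.
RUN_KEY = r"\currentversion\run"
SYSTEM_DIR = "c:\\windows\\"


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text.strip())))


def events_for_process(rows, process_name):
    """Keep only events generated by the named process (case-insensitive).

    This is the same cut as Procmon's Filter > 'Process Name is <name>' rule,
    done offline so the full log can still be consulted later.
    """
    name = process_name.lower()
    return [r for r in rows if r["Process Name"].lower() == name]


def operation_counts(rows):
    """Count events per Operation so the noisy categories stand out."""
    return Counter(r["Operation"] for r in rows)


def notable_events(rows):
    """Pull out the events worth reading first: file writes under the Windows
    directory, Run-key persistence, and any network operations."""
    found = {"file_writes": [], "persistence": [], "network": []}
    for r in rows:
        op, path = r["Operation"], r["Path"]
        low = path.lower()
        if op == "WriteFile" and low.startswith(SYSTEM_DIR):
            found["file_writes"].append(path)
        elif op == "RegSetValue" and RUN_KEY in low:
            found["persistence"].append((path, r["Detail"]))
        elif op.startswith(("TCP ", "UDP ")):
            found["network"].append(path)
    return found


def triage(text, process_name):
    """Filter a CSV export to one process and summarise what it did."""
    rows = events_for_process(parse_procmon_csv(text), process_name)
    return {
        "event_count": len(rows),
        "operations": operation_counts(rows),
        "notable": notable_events(rows),
    }


if __name__ == "__main__":
    import pprint

    # With a real export: triage(open("Logfile.CSV", encoding="utf-8").read(), "key.exe")
    pprint.pprint(triage(PROCMON_CSV, "key.exe"))
```

On the constructed input the summary reports five key.exe events, one WriteFile to C:\Windows\vmx32to64.exe, one Run-key value, and no network activity, which is what the note above leads you to expect for this project. The NAME NOT FOUND CreateFile is kept in the per-operation counts on purpose: failed opens show which paths a sample probes even when nothing is written there.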