Malicious software analysis

Lab $3-1$

Analyze the malware found in the file Lab$03-01.$exe using basic dynamic analysis tools.

Questions

$1.$What are this malware's imports and strings?

$2.$What are the malware's host$-$based indicators?

$3.$Are there any useful network$-$based signatures for this malware? If so$,$ what are they?

Lab $3-2$

Analyze the malware found in the file Lab$03-02.$dll using basic dynamic analysis tools.

Questions:

$1.$How can you get this malware to install itself?

$2.$How would you get this malware to run after installation?

$3.$How can you find the process under which this malware is running?

$4.$Which filters could you set to use procmon to glean information?

$5.$What are the malware's host$-$based indicators?

$6.$Are there any useful network$-$based signatures for this malware?

Lab $3-3$

Execute the malware found in the file Lab$03-03.$exe while monitoring it using basic dynamic analysis tools in a safe environment.

Questions:

$1.$What do you notice when monitoring this malware with Process Explorer?

$2.$Can you identify any live memory modifications?

$3.$What are the malware's host$-$based indicators?

$4.$ What is the purpose of this program?

Lab $3-4$

Analyze the malware found in the file Lab$03-04.$exe using basic dynamic analysis tools.

Questions:

$1.$What happens when you run this file?

$2.$What is causing the roadblock in dynamic analysis?

$3.$ Are there other ways to run this program?

Dr$.$ Eman Al$-$Qtiemat