Dynamic Analysis

Sandboxes

  • Cuckoo

  • CAPE

  • Online sandboxes

    • Online Cuckoo

    • Any.run

    • Intezer

    • Hybrid Analysis (which we see below)

Tools

Process Monitor

API Logger and API Monitor

Almost everything a Windows program does (creating files or processes, writing or deleting registry keys, opening network connections) goes through a Win32 API call, so logging which APIs the malware invokes, in what order and with which arguments, gives a good picture of its behaviour without reading the code.
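To show what "reading behaviour from API calls" looks like in practice, here is an added triage script (not from the original notes or from any monitoring tool) that groups a logged call sequence per process and flags common malicious patterns: a Run-key persistence write, the classic OpenProcess/VirtualAllocEx/WriteProcessMemory/CreateRemoteThread injection chain, a file that is written and then executed, and outbound network calls. The CSV layout (time, pid, api, args) and the log rows are constructed for the example; real exports from API Monitor or Process Monitor have different columns, so adjust parse_log() to your tool.

```python
"""Triage an exported API-call log and flag suspicious call patterns.

Added example, not part of the original notes. The column layout and the
sample rows below are constructed; adapt parse_log() to your monitor's export.
"""
import csv
import io
from collections import defaultdict

# Constructed sample log (not a real capture). One API call per row.
SAMPLE_LOG = """\
time,pid,api,args
0.001,4120,CreateFileW,C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe
0.002,4120,WriteFile,C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe
0.003,4120,RegOpenKeyExW,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
0.004,4120,RegSetValueExW,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
0.005,4120,OpenProcess,pid=980
0.006,4120,VirtualAllocEx,pid=980 size=8192 PAGE_EXECUTE_READWRITE
0.007,4120,WriteProcessMemory,pid=980
0.008,4120,CreateRemoteThread,pid=980
0.009,4120,CreateProcessW,C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe
0.010,4120,InternetOpenUrlA,http://198.51.100.23/gate.php
0.011,5100,CreateFileW,C:\\Users\\victim\\Documents\\notes.txt
"""

# API names that indicate each behaviour (ANSI and wide variants where relevant).
PERSISTENCE_APIS = {"RegSetValueExW", "RegSetValueExA", "RegSetValueW", "RegSetValueA"}
RUN_KEY_MARKER = "\\currentversion\\run"
INJECTION_CHAIN = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
DROP_APIS = {"WriteFile"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "ShellExecuteW", "ShellExecuteA"}
NETWORK_APIS = {"InternetOpenUrlA", "InternetOpenUrlW", "WinHttpConnect", "connect"}


def parse_log(text):
    """Parse the constructed CSV layout into (time, pid, api, args) tuples."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append((float(row["time"]), int(row["pid"]), row["api"], row["args"]))
    return rows


def contains_in_order(apis, chain):
    """True if every API in `chain` occurs in `apis` in that order (gaps allowed)."""
    it = iter(apis)
    return all(any(a == step for a in it) for step in chain)


def triage(rows):
    """Return {pid: [finding, ...]} for every process that showed a flagged pattern."""
    by_pid = defaultdict(list)
    for r in rows:
        by_pid[r[1]].append(r)

    findings = defaultdict(list)
    for pid, calls in by_pid.items():
        apis = [c[2] for c in calls]

        # Persistence: a value written under a CurrentVersion\Run key.
        for _, _, api, args in calls:
            if api in PERSISTENCE_APIS and RUN_KEY_MARKER in args.lower():
                findings[pid].append("persistence: Run key value set (%s)" % args)

        # Injection: the four-call chain seen in order within one process.
        if contains_in_order(apis, INJECTION_CHAIN):
            findings[pid].append("injection: " + " -> ".join(INJECTION_CHAIN))

        # Drop-and-execute: a path that was written and later launched.
        written = {args for _, _, api, args in calls if api in DROP_APIS}
        for _, _, api, args in calls:
            if api in EXEC_APIS and args in written:
                findings[pid].append("drop-and-execute: %s" % args)

        # Network: any outbound call, with its target for the report.
        for _, _, api, args in calls:
            if api in NETWORK_APIS:
                findings[pid].append("network: %s %s" % (api, args))

    return dict(findings)


if __name__ == "__main__":
    for pid, items in triage(parse_log(SAMPLE_LOG)).items():
        print("pid %d:" % pid)
        for item in items:
            print("  " + item)
```

The sequence check matters more than the individual names: VirtualAllocEx and WriteProcessMemory are used by legitimate software too, but the four calls in that order against another process are rarely benign, which is why the script reasons over ordered calls per pid rather than a bag of API names.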

Process Explorer

Regshot

Debuggers

  • source level debuggers: work at the source-code level and show source lines and local variables, so they need source code and debug symbols, which malware samples almost never come with

  • assembly level debuggers: the most common type for malware analysis; work on the disassembled binary and show the CPU registers' values and memory contents

  • kernel level debuggers: debug kernel-mode code (e.g., rootkit drivers) and need two systems, one that runs the code and one that runs the debugger (in practice often a VM and its host)

Analyzing samples using Hybrid Analysis

Search for the sample by its MD5 hash (SHA-1 and SHA-256 hashes work too)
Pick the report for the environment of interest (e.g., Windows 10 64-bit); one sample can have reports from several environments, and behaviour may differ between them
Read the process tree to follow the malware's execution path: which processes it spawned, in what order, and with which command lines
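As an added example of the last two steps (not the Hybrid Analysis report format or any of its code), the script below computes the hashes you would paste into the search box and then rebuilds a process tree from a flat process list of the kind a sandbox report contains, printing it indented and extracting each root-to-leaf execution chain. The sample bytes and the process list (pid, ppid, name, cmdline) are constructed stand-ins; real report fields are named differently.

```python
"""Hash a sample for lookup and reconstruct a process tree from a sandbox report.

Added example, not part of the original notes. SAMPLE_BYTES and
REPORT_PROCESSES are constructed; real Hybrid Analysis reports use other field names.
"""
import hashlib

# Constructed stand-in for a sample file (a fake MZ header plus filler).
SAMPLE_BYTES = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed sample, not a real executable"


def sample_hashes(data):
    """MD5 for the search box, plus SHA-256, which is the more reliable identifier."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed flat process list as a sandbox might report it.
REPORT_PROCESSES = [
    {"pid": 4120, "ppid": 3000, "name": "sample.exe", "cmdline": "sample.exe"},
    {"pid": 4300, "ppid": 4120, "name": "cmd.exe",
     "cmdline": "cmd.exe /c copy sample.exe %TEMP%\\svchost.exe"},
    {"pid": 4350, "ppid": 4300, "name": "svchost.exe", "cmdline": "%TEMP%\\svchost.exe"},
    {"pid": 4400, "ppid": 4350, "name": "powershell.exe",
     "cmdline": "powershell -w hidden -c Start-Sleep 1"},
]


def build_tree(processes):
    """Index processes by pid and map each pid to its children; roots have no parent in the list."""
    by_pid = {p["pid"]: p for p in processes}
    children = {}
    roots = []
    for p in processes:
        if p["ppid"] in by_pid:
            children.setdefault(p["ppid"], []).append(p["pid"])
        else:
            roots.append(p["pid"])
    return by_pid, children, roots


def render_tree(processes):
    """Return the tree as indented lines, one process per line."""
    by_pid, children, roots = build_tree(processes)
    lines = []

    def walk(pid, depth):
        p = by_pid[pid]
        lines.append("  " * depth + "%s (pid %d): %s" % (p["name"], pid, p["cmdline"]))
        for child in children.get(pid, []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


def execution_paths(processes):
    """Root-to-leaf chains of process names: the malware's path through the system."""
    by_pid, children, roots = build_tree(processes)
    paths = []

    def walk(pid, path):
        path = path + [by_pid[pid]["name"]]
        kids = children.get(pid, [])
        if not kids:
            paths.append(path)
        for child in kids:
            walk(child, path)

    for root in roots:
        walk(root, [])
    return paths


if __name__ == "__main__":
    print(sample_hashes(SAMPLE_BYTES))
    print("\n".join(render_tree(REPORT_PROCESSES)))
    for chain in execution_paths(REPORT_PROCESSES):
        print(" -> ".join(chain))
```

The chain output is the part worth reading first: sample.exe -> cmd.exe -> svchost.exe -> powershell.exe says more about intent (copy to %TEMP% under a system-looking name, then launch a hidden PowerShell) than any single process entry does.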
