Dynamic Malware Analysis Example #1

--

(Desktop/Malware Samples/law.exe) Connect to the Virtual Machine via the ‘Connect’ button. What is the domain name that the malware connects to for data exfiltration (data hijacking)?

Steps:

  • Extract and execute the malware sample “Law.exe”.
  • Launch Wireshark and filter the capture for “smtp”; once SMTP traffic appears, stop the capture and read the destination host from the packets.

(Desktop/Malware Samples/law.exe) Connect to the Virtual Machine via the ‘Connect’ button. Over which port does the malware communicate?

(Desktop/Malware Samples/law.exe) Connect to the Virtual Machine via the ‘Connect’ button. What is the name of the executable file that the malicious application writes to the AppData directory?

In ProcMon, filter on the process name and on a path containing “AppData” to find the written executable; filtering the same process on RegSetValue operations under the Run keys answers the persistence question below.

(Desktop/Malware Samples/law.exe) Connect to the Virtual Machine via the ‘Connect’ button. Which registry key does the malware use to ensure persistence?
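The ProcMon filtering described above (process name, AppData path, Run-key registry writes, and the network endpoint with its port) can be applied to a saved ProcMon CSV export instead of clicking through the GUI. The script below is an added example and not part of the original post or lab; the CSV rows, process name, file name, registry value and the `mail.example.invalid:587` endpoint are constructed placeholders, not the real sample's behaviour.

```python
import csv
import io
import re

# Constructed sample of a Process Monitor export (File > Save As... > CSV).
# The column headers match ProcMon's default export; every row value here is a
# placeholder invented for this example, not the lab sample's real behaviour.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.100","law.exe","4120","CreateFile","C:\\Users\\analyst\\AppData\\Roaming\\svcupdate.exe","SUCCESS","Desired Access: Generic Write"
"10:01:02.105","law.exe","4120","WriteFile","C:\\Users\\analyst\\AppData\\Roaming\\svcupdate.exe","SUCCESS","Offset: 0, Length: 204,800"
"10:01:02.300","law.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svcupdate","SUCCESS","Type: REG_SZ, Length: 92, Data: C:\\Users\\analyst\\AppData\\Roaming\\svcupdate.exe"
"10:01:03.000","law.exe","4120","TCP Connect","analyst-pc:49712 -> mail.example.invalid:587","SUCCESS","Length: 0, mss: 1460"
"10:01:03.200","law.exe","4120","TCP Send","analyst-pc:49712 -> mail.example.invalid:587","SUCCESS","Length: 64"
"10:01:03.500","explorer.exe","1234","WriteFile","C:\\Users\\analyst\\AppData\\Local\\Temp\\unrelated.tmp","SUCCESS","Offset: 0, Length: 10"
"""

# Path fragments that answer the AppData and persistence questions.
APPDATA_RE = re.compile(r"\\AppData\\", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# ProcMon renders TCP/UDP paths as "src:port -> dst:port".
NET_PATH_RE = re.compile(r"^(?P<src>.+?):(?P<sport>\d+) -> (?P<dst>.+):(?P<dport>\d+)$")


def parse_procmon_csv(text):
    """Return the export rows as dicts keyed by ProcMon's header names."""
    return list(csv.DictReader(io.StringIO(text)))


def rows_for_process(rows, process):
    """Equivalent of the ProcMon 'Process Name is <process>' filter."""
    return [r for r in rows if r["Process Name"].lower() == process.lower()]


def _unique(items):
    """Preserve first-seen order while removing duplicates."""
    return list(dict.fromkeys(items))


def appdata_writes(rows, process):
    """Files the process wrote (or opened for writing) under any AppData directory."""
    hits = []
    for r in rows_for_process(rows, process):
        if not APPDATA_RE.search(r["Path"]):
            continue
        if r["Operation"] == "WriteFile" or (
            r["Operation"] == "CreateFile" and "Write" in r["Detail"]
        ):
            hits.append(r["Path"])
    return _unique(hits)


def persistence_keys(rows, process):
    """Registry values the process set under a Run/RunOnce key."""
    return _unique(
        r["Path"]
        for r in rows_for_process(rows, process)
        if r["Operation"] == "RegSetValue" and RUN_KEY_RE.search(r["Path"])
    )


def network_endpoints(rows, process):
    """(destination host, destination port) pairs the process talked to."""
    endpoints = []
    for r in rows_for_process(rows, process):
        if not r["Operation"].startswith(("TCP", "UDP")):
            continue
        m = NET_PATH_RE.match(r["Path"])
        if m:
            endpoints.append((m.group("dst"), int(m.group("dport"))))
    return _unique(endpoints)


def triage(text, process):
    """Run all three checks over one export and return a summary dict."""
    rows = parse_procmon_csv(text)
    return {
        "appdata_files": appdata_writes(rows, process),
        "persistence_keys": persistence_keys(rows, process),
        "endpoints": network_endpoints(rows, process),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_CSV, "law.exe").items():
        print(f"{key}: {value}")
```

Run it as-is to see the constructed sample's summary, or replace `SAMPLE_CSV` with the contents of a real export saved from the lab VM (the lab's own values are not reproduced here). The ProcMon export only contains destination names if “Resolve Network Addresses” was enabled; otherwise the `dst` group holds an IP, and the domain still has to be read from the Wireshark capture.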

--


Written by Aashish Thapa Magar
