Static and Dynamic Malware Analysis

In this lab, students will perform static and dynamic malware analysis. Analyzing malware is important because an analyst will want to know what actions the malware is performing on the system as well as on the network. The hash value of the malware can tell you whether the same sample has been seen widely before. Dynamic analysis involves executing the malware and observing how it behaves, whereas static analysis only involves examining the information contained within the file without running it.

Overview

Analyzing malware is important for many reasons. Malware analysis in general means taking steps to find out more about things like who crafted a malware payload, where the malware is beaconing to, or what types of actions the malware is trying to perform. Static analysis is where you look at the file contents and the strings it contains without executing the file. With dynamic malware analysis, you run the file (ideally in a virtual environment not connected to a real network) to see the types of network and process actions that happen on the system.
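As an added example that is not part of the original lab, the Python script below performs the two static steps the overview describes: it computes the hash values that would be looked up on VirusTotal and it extracts printable strings the way the strings tool does, then sorts those strings into categories worth a second look. The SAMPLE byte blob is constructed for illustration and is not real malware; the categories and the example.invalid URL are assumptions made for the demonstration.

```python
"""Added example (not part of the original lab): static triage of a file.

Computes the MD5/SHA-1/SHA-256 hashes an analyst would look up on
VirusTotal and extracts printable ASCII strings the way the `strings`
tool does. The sample bytes below are constructed for illustration and
are not real malware.
"""
import hashlib
import re

# Constructed sample: a fake "MZ" header, some binary noise, and a few
# embedded strings of the kind an analyst looks for (URL, file path, command).
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"\x01\x02\x03\x04" * 4
    + b"http://example.invalid/update.php\x00"
    + b"\xff\xfe\x00\x10"
    + b"C:\\Users\\Public\\dropper.exe\x00"
    + b"ab\x00"  # too short to count as a string with the default minimum length
    + b"cmd.exe /c echo test\x00"
)

MIN_LEN = 4  # same default minimum string length as the strings tool


def file_hashes(data: bytes) -> dict:
    """Return the hashes usually pasted into VirusTotal's search box."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list:
    """Return runs of printable ASCII (0x20-0x7e) at least min_len bytes long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def flag_interesting(strings: list) -> dict:
    """Group extracted strings into categories an analyst would review first.

    The categories are an assumption made for this example, not a standard.
    """
    buckets = {"urls": [], "paths": [], "commands": [], "other": []}
    for s in strings:
        low = s.lower()
        if low.startswith(("http://", "https://")):
            buckets["urls"].append(s)
        elif re.match(r"^[a-z]:\\", low):  # Windows drive-letter path
            buckets["paths"].append(s)
        elif "cmd.exe" in low or "powershell" in low:
            buckets["commands"].append(s)
        else:
            buckets["other"].append(s)
    return buckets


def triage(data: bytes) -> dict:
    """Static triage report: hashes plus extracted and categorised strings."""
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        "strings": strings,
        "interesting": flag_interesting(strings),
    }


if __name__ == "__main__":
    # To triage a real file, replace SAMPLE with open(path, "rb").read()
    report = triage(SAMPLE)
    for name, digest in report["hashes"].items():
        print(f"{name}: {digest}")
    for category, items in report["interesting"].items():
        for item in items:
            print(f"[{category}] {item}")
```

The hashes identify the exact file (a single changed byte gives a different digest), which is why a hash lookup only tells you whether this precise sample has been seen before; the strings give a first hint of what the file may contact or do, but a packer or encoder can hide them, which is one reason the lab also covers dynamic analysis.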

OUTCOMES

In this lab, you will learn to:

  1. Perform static malware analysis
  2. Perform dynamic malware analysis

Key terms and descriptions

HxD
A hex editor that allows you to view the data within a file.
strings
A tool that lists the printable text contained within a file.
VirusTotal.com
A website that helps analyze malware samples.
Wireshark
A packet analyzer that will allow you to capture network traffic.
Notepad++
A free text editing program with more robust features than the standard Windows Notepad.