Computer Methodology - Malware Analysis
What is the Malware Analysis process?
Malware analysis is the process of understanding the behaviour and purpose of a suspicious file or URL. The output of the analysis helps in the identification and mitigation of the potential threat (Baker, 2020).
What are the types of Malware Analysis?
• Static Analysis: You need a solid understanding of programming and x86 assembly language concepts. During static analysis, you don't execute the malware. In most cases, the source code of malware samples isn't readily available. You need to disassemble and decompile the sample first, and after successfully reverse engineering it you can analyse the low-level assembly code. Most malware analysts perform static analysis at an earlier stage of the malware analysis process because it is safer than dynamic analysis. The challenge in static analysis is the complexity of modern malware, where some malware implements anti-debugging mechanisms to prevent malware analysts from analysing parts of the code (packtpub, 2020).
• Dynamic Analysis: Dynamic (behaviour) analysis is a process in malware analysis that executes the malware itself and observes its activity. It also observes the changes that occur while the malware is running. Infecting a system with malware from the wild can be extremely risky. A malware infection can damage your system through file deletion, registry changes, file modification, theft of confidential data/information, etc. When performing malware analysis, you need a protected environment, and its network should not be connected to production networks (packtpub, 2020).
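The static analysis described above, as an added example that is not from the original post or its cited sources: Python code that triages a Windows PE file from its bytes alone (hash, header fields, per-section entropy, printable strings) without ever executing it. The sample buffer, the URL inside it, and the 7.0 bits-per-byte packing threshold are constructed assumptions.

```python
import hashlib, math, re, struct
from collections import Counter

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def static_triage(data: bytes, packed_threshold: float = 7.0) -> dict:
    """Read PE headers, sections and strings; the file is never executed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size        # section table follows optional header
    sections = []
    for i in range(nsect):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        h = entropy(data[raw_ptr:raw_ptr + raw_size])
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "entropy": round(h, 2),
                         # assumption: >7.0 bits/byte is a common packed/encrypted heuristic
                         "suspect_packed": h > packed_threshold})
    strings = [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{6,}", data)]
    return {"sha256": hashlib.sha256(data).hexdigest(), "machine": hex(machine),
            "sections": sections, "strings": strings}

def build_sample() -> bytes:
    """Constructed, inert PE-shaped buffer: headers plus filler, no real code."""
    text = b"\x90" * 200 + b"http://example.invalid/update" + b"\0" * 27
    blob = bytes(i * 167 % 256 for i in range(1024))   # uniform bytes mimic packed data
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    hdr = lambda name, size, ptr: struct.pack("<8sIIIIIIHHI", name, size, 0x1000,
                                              size, ptr, 0, 0, 0, 0, 0)
    return dos + coff + hdr(b".text", len(text), 168) + hdr(b".data", 1024, 424) + text + blob

if __name__ == "__main__":
    report = static_triage(build_sample())
    for key, value in report.items():
        print(f"{key}: {value}")
```

A high-entropy section is only a hint that content is packed or encrypted; compressed resources produce the same signal, so treat the flag as a prompt for closer inspection.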
What are the benefits of Malware Analysis?
• Pragmatically triage incidents by level of severity (Baker, 2020).
• Reveal hidden indicators of compromise (IOCs) that should be blocked (Baker, 2020).
• Improve the efficacy of IOC alerts and notifications (Baker, 2020).
• Enrich context when threat hunting (Baker, 2020).
Why is Malware Analysis important?
If you're a vigilant Windows user, you may sometimes see a file with a strange or suspicious name that you'd like to investigate. Or, if you're an ethical hacker or on the incident response team of an organization, you might be tasked with investigating files to decide whether they're legitimate or malicious. In either case, you need a way to distinguish good code and software from malicious varieties (Mukherjee, 2020).
What are the four stages of Malware Analysis?
When you learn how to read and understand code, you do so gradually. Malware analysis is much the same. It's a process that you approach through a series of defined steps that become progressively more complex the further you go. There are four stages of malware analysis, often illustrated using a pyramid diagram that increases in complexity as you go deeper into the process. For ease, we'll break down each of the four stages of malware analysis from the ground up (Mukherjee, 2020).
What is the process of Malware Analysis?
The diagram below shows the process of Malware Analysis:



