Malware Dynamic Behavioral Analysis

Malware analysts must develop the skills needed to perform the necessary steps. Malware authors innovate constantly, and we, as future malware analysts, must keep pace. Following defined procedures and staged analysis simplifies an analyst's work; depending on the situation, an analyst may face an incident inside their organization that requires a fast-paced response.

This type of analysis is performed by executing the sample inside an isolated environment or a malware sandbox. With the help of tools, an analyst can extract data that is not visible during static analysis (e.g., strings, IP addresses, API keys).

Behavioral analysis, together with the right tools, helps the analyst understand the sample, and on its own it can produce data usable as host-based and network-based indicators of compromise (IOCs).
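The simplest way to turn a sample's execution into host-based IOCs is the snapshot-and-compare approach that tools like Regshot use: record the state of the machine before the sample runs, record it again afterwards, and report what was created, deleted or modified. The script below is an added example written for this page, not code from the original author or from any of the tools listed here. It applies the idea to a directory tree rather than the registry, hashes every file with SHA-256, and simulates the sample's activity inside a temporary directory (the file names and contents are constructed for the demonstration).

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under `root` (relative path) to its SHA-256 hex digest.

    This is the "before" / "after" picture; hashing instead of just listing
    lets the diff catch files whose contents changed but whose names did not.
    """
    root = Path(root)
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            snap[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return snap


def diff_snapshots(before, after):
    """Compare two snapshots and classify each path, as Regshot does for registry keys."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "deleted": deleted, "modified": modified}


def to_host_iocs(diff, after):
    """Turn created and modified files into path + hash pairs an analyst can hunt for.

    Deleted files have no hash in the "after" snapshot, so they are reported
    separately by the diff rather than becoming hash-based indicators.
    """
    return [{"path": p, "sha256": after[p]} for p in diff["created"] + diff["modified"]]


def demo():
    """Run the whole procedure against a constructed scenario in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Baseline state of the "victim" machine (constructed).
        (root / "config.ini").write_text("setting=1\n")
        (root / "old.log").write_text("some log line\n")
        before = snapshot(root)

        # Simulated effects of executing the sample (constructed, no real malware):
        # it appends a persistence entry, removes a log and drops a new executable.
        (root / "config.ini").write_text("setting=1\npersist=yes\n")
        (root / "old.log").unlink()
        (root / "dropped.exe").write_bytes(b"MZ constructed placeholder payload")
        after = snapshot(root)

        diff = diff_snapshots(before, after)
        return diff, to_host_iocs(diff, after), after


if __name__ == "__main__":
    diff, iocs, _ = demo()
    for kind in ("created", "deleted", "modified"):
        print(f"{kind}: {diff[kind]}")
    for ioc in iocs:
        print(f"IOC {ioc['path']} sha256={ioc['sha256']}")
```

Run it on a real analysis VM by calling `snapshot()` on the directories you care about (user profile, temp, startup folders) before and after detonation instead of the temporary directory used here. The same `diff_snapshots()` logic works unchanged on a registry dump if you map key paths to their serialized values.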

As malware evolves, its authors also use evasion techniques to defeat this type of analysis, either by detecting the environment in which the sample is executed or by having the sample terminate itself if it notices something odd during execution. When an analyst performs this analysis and finds no valuable information, extra steps are needed to overcome this problem.

Tools used for this type of analysis:

- Wireshark
- SSDT View
- Regshot
- GMER
- FakeNet-NG
- Ring3 API Hooker