Getting Started with Dynamic Analysis using Windows Sysinternals
Scenario: You are tasked with investigating a sample and gathering as much data from it as possible. Execute the sample and apply the techniques discussed in Dynamic Analysis with Sysinternals.
Note: Use a separate, isolated machine to perform this task.
Tool: Windows Sysinternals
Question 1: Can you identify the name of a malicious process after executing it? How is the process malicious?
Question 2: Can you identify the persistence mechanism of the sample? How does it survive the reboot?
Question 3: Can you identify the Process ID and the Parent Process ID?
Question 4: Can you identify the file created by the sample?
Question 5: Can you recognize the artifacts in network traffic logs?
Question 6: Can you see the suspicious process inside the Run registry key? If not, why so?
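The following PowerShell snippet is an added example and is not part of the original lab sheet or of the Sysinternals tools. It is meant as a scripted cross-check next to Process Explorer and Autoruns for Questions 3 and 6: the first function lists each process with its parent PID (the Win32_Process CIM class carries ParentProcessId, which Get-Process alone does not expose), and the second enumerates the HKLM and HKCU Run/RunOnce keys so you can snapshot them before and after detonation and diff the result. The function names and the before/after usage pattern are this example's own; if the sample is absent from the diff, it is using a persistence mechanism outside those keys (service, scheduled task, WMI subscription, startup folder), which is exactly what Question 6 is asking you to reason about.

```powershell
# Added example (not from the original lab sheet): helpers to cross-check
# Process Explorer (parent/child PIDs) and Autoruns (Run-key persistence).

function Get-ProcessTree {
    # Lists processes with their parent PID. Filter with -Name, e.g.
    # Get-ProcessTree -Name 'sample*'. Win32_Process exposes ParentProcessId.
    param([string]$Name = '*')
    Get-CimInstance Win32_Process |
        Where-Object { $_.Name -like $Name } |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine
}

function Get-RunKeyEntries {
    # Enumerates the standard Run/RunOnce autostart keys for the machine and
    # the current user (including the WOW6432Node view on 64-bit Windows).
    # Persistence placed elsewhere (services, scheduled tasks, WMI event
    # subscriptions, startup folders) will NOT show up here.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($p in $paths) {
        if (Test-Path $p) {
            $item = Get-ItemProperty -Path $p
            foreach ($prop in $item.PSObject.Properties) {
                # Skip the provider metadata properties Get-ItemProperty adds.
                if ($prop.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$') {
                    [pscustomobject]@{ Key = $p; Name = $prop.Name; Command = $prop.Value }
                }
            }
        }
    }
}

# Usage: take a baseline before running the sample, a snapshot after it has
# run, and keep only entries that appeared in between.
$before = Get-RunKeyEntries

# <<< detonate the sample here, on the isolated analysis machine >>>

$after = Get-RunKeyEntries
$newEntries = Compare-Object -ReferenceObject $before -DifferenceObject $after `
    -Property Key, Name, Command | Where-Object SideIndicator -eq '=>'
$newEntries | Format-Table -AutoSize

# Then resolve the sample's PID and parent PID; replace the placeholder name
# with the process name observed in Process Explorer.
Get-ProcessTree -Name 'SAMPLE_PROCESS_NAME_PLACEHOLDER*' | Format-Table -AutoSize
```

Take the baseline with the same user account that will run the sample, since HKCU entries are per-user; a sample that writes to another user's hive, or that registers a service or scheduled task, will only be visible in Autoruns or in a Process Monitor filter on RegSetValue events.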