Malware Sandboxing Flashcards
Sandboxing is the process of detonating (running/executing) a piece of malware in a contained environment, and closely monitoring exactly what the software does, allowing security teams to collect indicators of compromise. Examples include monitoring the network traffic to see if the malware tries to communicate with a command-and-control (C2) server on the internet to receive commands or download additional modules, giving the malware more capability. By understanding how the malware operates, it becomes easier to create defenses that can detect and alert on similar activity.
Security teams will have access to dedicated enterprise-grade sandboxing and malware analysis tools. Replicating this is out of scope for this course, but we can teach you about sandboxing and malware analysis and have you learn to use the online platform Hybrid Analysis.
Hybrid Analysis
Hybrid Analysis is an online malware analysis platform that lets you upload malware for instant cloud-based analysis, providing you with a detailed report about the observed activity.
First, navigate to the Hybrid Analysis website. Here you can drag-and-drop, or browse for the file you want to upload.
Hybrid Analysis contd
Next, you can choose the operating system that you want to detonate the malware on – this is perfect for malware that only targets specific operating systems. For this activity, we’ll just use the default Windows virtual machine.
Once you’ve clicked “Generate Public Report” you will be directed to the report page once the analysis has been completed. You can see this below.
Analysis Results
Below is a screenshot of the results provided by Hybrid Analysis after we uploaded the piece of known malware. You can also view the report yourself here – https://www.hybrid-analysis.com/sample/240387329dee4f03f98a89a2feff9bf30dcba61fcf614cdac24129da54442762
Conclusion
Hybrid Analysis is a great free platform to submit suspicious attachments to see if they are malicious. While security teams will have their enterprise-grade tools, this is the perfect tool for security researchers and provides detailed analysis and reputation checks.