Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security Blue - Phishing Analysis > Malware Sandboxing > Flashcards

Malware Sandboxing Flashcards

1
Q
A

Sandboxing is the process of detonating (running/executing) a piece of malware in a contained environment, and closely monitoring exactly what the software does, allowing security teams to collect indicators of compromise. Examples include monitoring the network traffic to see if the malware tries to communicate with a command-and-control (C2) server on the internet to receive commands or download additional modules, giving the malware more capability. By understanding how the malware operates, it becomes easier to create defenses that can detect and alert on similar activity.

Security teams will have access to dedicated enterprise-grade sandboxing and malware analysis tools. Replicating this is out of scope for this course, but we can teach you about sandboxing and malware analysis and have you learn to use the online platform Hybrid Analysis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Hybrid Analysis

A

Hybrid Analysis is an online malware analysis platform that lets you upload malware for instant cloud-based analysis, providing you with a detailed report about the observed activity.

First, navigate to the Hybrid Analysis website. Here you can drag-and-drop, or browse for the file you want to upload.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Hybrid Analysis contd

A

Next, you can choose the operating system that you want to detonate the malware on – this is perfect for malware that only targets specific operating systems. For this activity, we’ll just use the default Windows virtual machine.

Once you’ve clicked “Generate Public Report” you will be directed to the report page once the analysis has been completed. You can see this below.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Analysis Results

A

Below is a screenshot of the results provided by Hybrid Analysis after we uploaded the piece of known malware. You can also view the report yourself here – https://www.hybrid-analysis.com/sample/240387329dee4f03f98a89a2feff9bf30dcba61fcf614cdac24129da54442762

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Conclusion

A

Hybrid Analysis is a great free platform to submit suspicious attachments to see if they are malicious. While security teams will have their enterprise-grade tools, this is the perfect tool for security researchers and provides detailed analysis and reputation checks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Security Blue - Phishing Analysis (62 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions