Stages of Malware Analysis

Dolyetyus (Co Admin), 21 April 2020, Delft
Welcome TurkHackTeam members, in this article I write about the stages of malware analysis. This topic won't take long.

There are already a few articles on this topic, but I will add some different information.

[Figure: malware analysis process stages]


First: Static Properties Analysis

Static properties include the strings embedded in the malware, header details (compiler timestamp, imports, section layout), file hashes, metadata and embedded resources. This data is often all that is needed to create IOCs, and it can be collected within seconds because nothing has to be executed. It is the cheapest stage, but it is rarely conclusive: packed or obfuscated samples expose few readable strings, header timestamps are trivially forged, and a clean-looking file can still be malicious. What static analysis does well is triage: the findings indicate whether a deeper investigation with more expensive techniques is warranted and which step to take next.
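The following script is an added example, not code from the original post: it collects the static properties named above (hashes, printable strings, the PE/COFF file header and candidate IOCs) from a constructed, minimal PE-shaped byte blob built inline, so it runs offline with only the Python standard library. The blob, the URL, the command line and the registry path in it are all made up for the demonstration.

```python
import hashlib
import re
import struct
from datetime import datetime, timezone

# Constructed sample: a minimal PE-shaped blob (DOS header, PE signature, COFF
# file header, then a little "data") assembled inline so the script runs
# offline. It is not a real executable and cannot be loaded or run.
SAMPLE = (
    b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)             # DOS header, e_lfanew -> 0x40
    + b"PE\x00\x00"
    + struct.pack("<HHIIIHH", 0x014C, 2, 0x5E9E4C00, 0, 0, 0xE0, 0x0102)  # COFF file header
    + b"\x01\x02\x03"
    + b"http://example.invalid/beacon\x00"
    + b"\xff\xfe"
    + b"cmd.exe /c whoami\x00"
    + b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00\x00\x7f"
)

MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
REG_RE = re.compile(r"(?:HK[A-Z_]+|SOFTWARE)\\[^\s]+")


def file_hashes(data):
    """MD5/SHA-1/SHA-256: the identifiers used to look a sample up and pivot on."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def ascii_strings(data, min_len=6):
    """Printable ASCII runs, roughly what `strings -n 6` prints."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def parse_pe_header(data):
    """Read the COFF file header the way a PE viewer does. Returns None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    machine, nsections, timestamp, _, _, opt_size, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4
    )
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        # Compile timestamp: a useful pivot, but trivially forged, so a hint rather than a fact
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "optional_header_size": opt_size,
    }


def candidate_iocs(strings):
    """Pull out the strings that can go straight onto an IOC list."""
    iocs = {"urls": [], "registry": []}
    for s in strings:
        iocs["urls"] += URL_RE.findall(s)
        iocs["registry"] += REG_RE.findall(s)
    return iocs


def static_properties(data):
    strings = ascii_strings(data)
    return {
        "hashes": file_hashes(data),
        "pe": parse_pe_header(data),
        "strings": strings,
        "iocs": candidate_iocs(strings),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(static_properties(SAMPLE), indent=2))
```

On a real file you would read it with `open(path, "rb").read()` and pass it to `static_properties`; a packed sample will typically show almost no readable strings and a tiny import table, which is itself a finding that pushes the investigation to the next stage.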

Second: Interactive Behavior Analysis

Behavioral analysis observes and interacts with a sample running in an isolated lab. Analysts record its registry, file system, process and network activity (Procmon, Regshot and Wireshark, or a fake-services host such as INetSim, are the usual tools) and may add memory forensics to see how the malware uses memory, for example which decrypted payloads or strings appear only at run time. Sandboxes automate this kind of observation; the interactive variant lets the analyst steer the run. If the analysts suspect that the malware has a certain capability, they can set up the conditions that should trigger it, for example answering its DNS queries or serving a fake C2 response, and test the theory.
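The snapshot-and-diff idea behind tools like Regshot, applied to the file system dimension of behavior analysis, as an added example that is not part of the original post. The "sample" here is a constructed Python function that drops a file into a Startup folder and edits the hosts file inside a throwaway fake Windows tree; the paths and findings are illustrative assumptions, not from any real family.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed fake host layout (relative to the lab root), not a real Windows image.
HOSTS = Path("Windows/System32/drivers/etc/hosts")
STARTUP = Path("Users/victim/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup")


def snapshot_dir(root):
    """Map every file under root to its SHA-256: a 'before' or 'after' shot."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def diff_snapshots(before, after):
    """Files created, deleted or changed between the two shots."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before.keys() & after.keys() if before[k] != after[k]),
    }


def classify(diff):
    """Turn raw file changes into the behaviors an analyst writes up."""
    findings = []
    for path in diff["created"]:
        if path.startswith(STARTUP.as_posix()):
            findings.append(f"persistence: dropped {path} in Startup folder")
    if HOSTS.as_posix() in diff["modified"]:
        findings.append("network: hosts file modified (possible redirect or update blocking)")
    return findings


def build_fake_host(root):
    """Lay down the parts of a Windows tree the simulated sample touches."""
    (root / HOSTS).parent.mkdir(parents=True)
    (root / HOSTS).write_text("127.0.0.1 localhost\n")
    (root / STARTUP).mkdir(parents=True)


def simulated_sample(root):
    """Constructed stand-in for detonating the real sample in the lab."""
    (root / STARTUP / "updater.exe").write_bytes(b"MZ" + b"\x90" * 30)
    with (root / HOSTS).open("a") as fh:
        fh.write("127.0.0.1 update.vendor.invalid\n")


def observe(sample):
    """Snapshot, run the sample, snapshot again, and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_fake_host(root)
        before = snapshot_dir(root)
        sample(root)
        after = snapshot_dir(root)
    diff = diff_snapshots(before, after)
    return diff, classify(diff)


if __name__ == "__main__":
    diff, findings = observe(simulated_sample)
    for kind, paths in diff.items():
        for p in paths:
            print(f"{kind:9} {p}")
    for f in findings:
        print("finding:", f)
```

A snapshot diff only captures end state; a sample that writes and then deletes a dropper between the two shots leaves no trace here, which is why the diff is paired with a live recorder such as Procmon in practice.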

[Figure: analysis stages]


Third: Fully Automated Analysis

Fully automated analysis runs the suspicious file through a sandbox pipeline and produces an easy-to-read report: what the sample dropped, changed and contacted, and therefore what the likely repercussions would be if it spread in the network. It is the least labor-intensive of the four stages and the only practical way to process malware at scale. Its weakness is that it reports only what the sample chose to do during the observation window; samples that detect the sandbox, sleep, or wait for a specific trigger produce misleadingly quiet reports, so an unremarkable automated result is not a clean bill of health.

Last: Manual Code Reversing

In this stage, analysts reverse-engineer the code with debuggers, disassemblers, decompilers and specialized tools to decode encrypted data, work out the logic of the malware's algorithms and uncover capabilities the sample has not yet exhibited (for example a second stage that only fires on a specific date or domain). Code reversing is a rare skill and takes a great deal of time, so investigations often skip this step and miss much of what could be learned about the sample. It demands a practised reverse engineer, and it is the most involved and longest stage of the four.
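The simplest instance of "decode encrypted data" that reversing turns up is a config string XORed with a single byte; once the routine is spotted in the disassembly, the key can be brute-forced from the blob alone. This is an added example, not from the original post: the encoded blob is constructed here (plaintext XORed with 0x5A), and the URL, mutex name and pipe-separated layout are invented for the demonstration. Real families more often use RC4 or AES with keys recovered under a debugger; the ranking trick below still applies to the single-byte case.

```python
import string

# Characters we accept as "looks like text" when scoring candidate plaintexts.
PRINTABLE = set(string.printable.encode()) - {0x0B, 0x0C}

# Constructed blob standing in for an encrypted config pulled from a sample's
# data section. The "malware" XORed it with the single byte 0x5A. Not from any
# real family; the fields and their order are an assumption for the demo.
ENCODED_CONFIG = bytes(b ^ 0x5A for b in b"http://example.invalid/gate.php|Global\\demo_mutex|30")


def xor_bytes(data, key):
    """Single-byte XOR is its own inverse: encode and decode are the same call."""
    return bytes(b ^ key for b in data)


def printable_ratio(data):
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0


def recover_single_byte_xor(data, known_prefix=b""):
    """Try all 256 keys; rank by how printable the result is, with a bonus for
    known plaintext (a C2 config almost always starts with a URL scheme)."""
    best = None
    for key in range(256):
        pt = xor_bytes(data, key)
        score = printable_ratio(pt)
        if known_prefix and pt.startswith(known_prefix):
            score += 1.0
        if best is None or score > best[0]:
            best = (score, key, pt)
    return best[1], best[2]


def parse_config(plaintext):
    """Split the recovered config into the fields the reversing showed it has."""
    url, mutex, interval = plaintext.decode("ascii").split("|")
    return {"c2": url, "mutex": mutex, "beacon_interval_s": int(interval)}


if __name__ == "__main__":
    key, plaintext = recover_single_byte_xor(ENCODED_CONFIG, known_prefix=b"http")
    print(f"key = 0x{key:02x}")
    print(parse_config(plaintext))
```

The recovered C2 URL and mutex name feed straight back into the IOC list from the static stage, which is the payoff the text above describes: capabilities and indicators the sample never showed while it ran.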

Thanks for reading. Have a nice day.
 