Dynamic Malware Analysis

  • Published on 3 Jan 2025

Comments • 33

  • @idkk403
    @idkk403 9 months ago +6

    You have no idea, how much you have helped me!!! Thankyouuuu

  • @chieduodo1292
    @chieduodo1292 2 years ago +12

    Great walk-through. Lots of helpful tips. The reason Regshot did not catch file activity was because the checkbox option was not selected before your first shot. And for the HTTP traffic missing, that might be because Wireshark could not decrypt HTTPS traffic. I believe you would have seen something if you tried using fiddler as well. Thanks!

    • @mertkacir9981
      @mertkacir9981 1 year ago +1

      You mean the "scan dir1" checkbox? But on the website they didn't check it either.

  • @mohdsuhailmalik3033
    @mohdsuhailmalik3033 9 months ago

    Thanks for the video.

  • @bulba888
    @bulba888 7 months ago

    Working on that chapter in the LetsDefend SOC analyst path.

  • @IlyasNashid
    @IlyasNashid 11 months ago

    Thank you so much, this made things so much clearer to me. If you have your own channel I'd love to follow it. Thank you again.

  • @tommypham1101
    @tommypham1101 6 months ago

    Awesome content, thank you.

  • @lyquockhanhly6319
    @lyquockhanhly6319 4 months ago

    Good

  • @Ahmed_Hossamm
    @Ahmed_Hossamm 3 months ago

    Thank you so much, man!

  • @Manish-g2k3g
    @Manish-g2k3g 8 months ago

    Brilliant 😇

  • @RINAMISHRA-j5h
    @RINAMISHRA-j5h 1 year ago

    Very informative video, sir. I just wanted to know how you decide to run the malware for a particular amount of time. How did you stop the malware from executing itself?

  • @puucca
    @puucca 1 year ago +1

    Zaid is so fucking fun bro, I can't.

  • @MarcosPinheiro-cy3oo
    @MarcosPinheiro-cy3oo 2 months ago

    I would have liked to see the network settings so that the malware analysis could be done safely. I know the network adapter should be in host-only mode, but wouldn't that leave the VM without internet? Should I enable two network adapters? One in NAT and the other in host-only?

    • @sebastianschirm1211
      @sebastianschirm1211 2 months ago

      You will have to keep switching between both network interfaces as you progress with the analysis. Once you need internet, switch to NAT and immediately switch back to host-only once done, to avoid any issues.
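The switching routine described in the exchange above, as an added example that is not part of the video or of any commenter's post: a small POSIX shell helper run on the host that moves the analysis VM's first adapter between host-only (isolated) and NAT (internet) with `VBoxManage controlvm`, and prints the adapter's current attachment so you can confirm you are back on host-only before the next detonation. The VM name `malware-lab`, the host-only adapter name `vboxnet0` and the `DRY_RUN` switch are assumptions of this script, not VirtualBox defaults.

```shell
#!/bin/sh
# Added example (not from the video or its comments): flip a VirtualBox
# analysis VM between an isolated host-only network and NAT from the host.
# VM name, host-only adapter name and the DRY_RUN switch are assumptions.

VM_NAME="${VM_NAME:-malware-lab}"        # assumed VM name
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"   # assumed host-only adapter name
DRY_RUN="${DRY_RUN:-0}"                  # 1 = print the command instead of running it

# set_nic isolate|online
# 'VBoxManage controlvm ... nic1 <mode>' re-attaches the adapter of a RUNNING VM,
# so no reboot is needed ('modifyvm' would require the VM to be powered off).
set_nic() {
    case "$1" in
        isolate) set -- controlvm "$VM_NAME" nic1 hostonly "$HOSTONLY_IF" ;;
        online)  set -- controlvm "$VM_NAME" nic1 nat ;;
        *) echo "usage: set_nic isolate|online" >&2; return 1 ;;
    esac
    if [ "$DRY_RUN" = 1 ] || ! command -v VBoxManage >/dev/null 2>&1; then
        echo "VBoxManage $*"      # dry run: show the command that would be executed
    else
        VBoxManage "$@"
    fi
}

# nic_state: report how nic1 is currently attached (expect nic1="hostonly"
# before detonating), using the machine-readable showvminfo output.
nic_state() {
    if [ "$DRY_RUN" = 1 ] || ! command -v VBoxManage >/dev/null 2>&1; then
        echo "VBoxManage showvminfo $VM_NAME --machinereadable | grep '^nic1='"
    else
        VBoxManage showvminfo "$VM_NAME" --machinereadable | grep '^nic1='
    fi
}

# Typical sequence, mirroring the reply above: stay isolated while the sample
# runs, go online only for the fetch you need, and drop straight back.
#   set_nic isolate; <run the sample>; set_nic online; <download>; set_nic isolate; nic_state
```

Take a VM snapshot while the adapter is host-only and revert to it between samples; then even if you forget the switch back, the next run starts isolated.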

  • @Gurd-f2z
    @Gurd-f2z 1 year ago

    How do you download the tools used for the malware analysis section?

  • @baskaranranujan7234
    @baskaranranujan7234 1 year ago +1

    How can we download malware samples as shown in the clip?

  • @hamzafeghouli4297
    @hamzafeghouli4297 1 year ago +1

    Is there any way to automate this whole analysis?

    • @Pl4s_m4
      @Pl4s_m4 1 year ago +2

      If you find a way, let me know too?

    • @hamzafeghouli4297
      @hamzafeghouli4297 1 year ago

      @Pl4s_m4 check out Morrigu by Phil Legg. Basically he compares the behaviour of evasive malware before and after modifying the VM using a tool he created; maybe this will help you.

  • @MongiNTS3YT
    @MongiNTS3YT 2 months ago

    I'm scared to have my malware analysis machine in bridged mode to do proper dynamic analysis because I fear anything propagating to my host or any other device on our network.

    • @sebastianschirm1211
      @sebastianschirm1211 2 months ago +1

      Do not use bridged mode. Instead use host-only mode if you don't need the internet, but if you do, switch to NAT.

  • @martabakselatan2
    @martabakselatan2 2 months ago

    The quality of the part comparing Regshot is so bad. Is that the editing?

  • @amigazo3972
    @amigazo3972 7 months ago +2

    The module is to create your own malware analysis virtual machine. NO malware files to download, no copy of your notes to download. Nothing available. The course itself is just a mess. Very disappointed about this module. Your explanation is very good, but without the resources seen in these videos... not a good thing.

    • @s2grabbarna806
      @s2grabbarna806 27 days ago

      It's a good module. It isn't really that hard to import the malware file from the internet by yourself...

  • @elchirete
    @elchirete 9 months ago

    At 11:05 you can see the name of the file that you are looking for inside %TEMP%: tmp565A.tmp

  • @yuvarajnaresh3934
    @yuvarajnaresh3934 8 months ago +7

    c:\users\letsdefend\appdata\roaming\vbxfiqycyfdggl.exe --> This is the answer

  • @BDCAT_NgoQuangTung
    @BDCAT_NgoQuangTung 1 year ago +2

    How can we download malware samples as shown in the clip?