The objective of this lab was to establish an environment conducive to analyzing PCAPs containing malicious traffic. This involved setting up a Windows 10 virtual machine and installing Wireshark on it. A malicious PCAP file was then obtained and dissected, replicating a real-world scenario of threat traffic. This hands-on experience gave me a deeper understanding of threat detection, threat-hunting methodologies, and incident response procedures.
Skills Learned
Familiarity with malware's objectives and functionality, including its propagation and payload delivery methods.
Proficiency in utilizing Indicators of Compromise (IoCs) to detect and identify infections within systems, aiding in proactive threat detection and response.
Understanding of diverse network protocols and their security implications, enabling effective monitoring and defense against malicious activity.
Comprehension of the behaviors and actions exhibited by malware on infected systems, facilitating efficient incident analysis and response strategies.
Tools Used
Wireshark - A network protocol analyzer, an application that captures packets from a network connection and helps investigate them.
VirusTotal - An online service that analyzes suspicious files and URLs to detect malware and malicious content using antivirus engines and website scanners.
Demonstration Video
Steps
Installed Wireshark on the Windows 10 Virtual Machine and downloaded a malicious PCAP for analysis.
Sorted the packets by HTTP request and extracted the downloadable application files served by the accessed websites.
Recorded the basic information gathered about the applications in a text file.
Used Windows PowerShell to generate hash values for the applications.
Conducted malware analysis on the applications on VirusTotal using the hash values generated.
Recorded the information gathered in the document.
Conducted deep analysis on the packets to find information about the exploit path.
Recorded the details found in the document and created a short final report using it.
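As an added example (not part of the original lab write-up), the following PowerShell script automates steps 4 through 6: it hashes every file exported from Wireshark (File > Export Objects > HTTP), looks each SHA256 up on VirusTotal by hash so the sample itself is never uploaded, and records the results in a CSV. The export and output paths and the VT_API_KEY environment variable are assumptions.

```powershell
# Added example, not from the original lab: hash exported HTTP objects and
# query VirusTotal by hash. Paths below are assumed; adjust to your lab VM.
param(
    [string]$ExportDir = "C:\Lab\http_objects",   # assumed: Wireshark export folder
    [string]$OutCsv    = "C:\Lab\hashes.csv"      # assumed: where results are recorded
)

# Set beforehand with: $env:VT_API_KEY = "<your key>". Lookups are skipped if unset.
$apiKey = $env:VT_API_KEY

$rows = foreach ($f in Get-ChildItem -Path $ExportDir -File) {
    # Record the three hashes analysts usually note; VirusTotal keys reports on any of them.
    $sha256 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $sha1   = (Get-FileHash -Path $f.FullName -Algorithm SHA1).Hash
    $md5    = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash

    $malicious = $null; $engines = $null
    if ($apiKey) {
        try {
            # VirusTotal API v3: GET /files/{hash} returns the existing report for a
            # hash VT has already seen; nothing from the PCAP is uploaded.
            $r = Invoke-RestMethod -Method Get `
                -Uri "https://www.virustotal.com/api/v3/files/$sha256" `
                -Headers @{ "x-apikey" = $apiKey }
            $stats     = $r.data.attributes.last_analysis_stats
            $malicious = $stats.malicious
            $engines   = $stats.malicious + $stats.suspicious + $stats.undetected + $stats.harmless
        } catch {
            # HTTP 404 means VT has never seen this hash; worth noting in the report.
            Write-Warning "VirusTotal lookup failed for $($f.Name): $($_.Exception.Message)"
        }
        Start-Sleep -Seconds 15   # public API allows 4 lookups per minute
    }

    [pscustomobject]@{
        FileName    = $f.Name
        SizeBytes   = $f.Length
        MD5         = $md5
        SHA1        = $sha1
        SHA256      = $sha256
        VTMalicious = $malicious   # engines flagging the file as malicious
        VTEngines   = $engines     # engines that returned a verdict
    }
}

$rows | Export-Csv -Path $OutCsv -NoTypeInformation
$rows | Format-Table -AutoSize
```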