Analyse and detect the process malware named dyre

Question 1:

Investigate the 'Dyre' malware and answer the following questions:

  1. What type of malware is Dyre? (Hint: refer to Week 2 lecture)

Answer: Dyre belongs to the Upatre (banking trojan) malware family. This new APT attack threat targets large corporates.

Answer: Hexadecimal is a number system used to represent numbers with a base value of 16. A hexadecimal number uses only 16 possible symbols, or digits, ranging from 0–9 and A–F. Here, four digits are used to represent a hexadecimal number.

  1. What does the 'MZ header' indicate?

  1. Include a screenshot of the content of the "output1.txt" file on the Windows 7 VM Desktop.

Answer: Here is the screenshot of the contents of the "output1.txt" file:

Answer: The second process is added by Dyre to hide the original/main process. The second process may use another signature with a different value. The second process aims to start a Google updater process, which possibly starts an update process for Google Chrome.

Question 5:

Output 1 –

MD5: C2D73485095EFDBD7AB625E469AFFB11

IMP: 8BCCA895CC1AAD9A2D2D4E9BA64A1EDA

Output 2 –

SHA256: 523B9E8057EF0905E2C7D51B742D4BE9374CF2EEE5A810F05D987604847C549D

IMP: 8BCCA895CC1AAD9A2D2D4E9BA64A1EDA
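As an added example that is not part of the lab report, the following stdlib-only Python script performs the first-pass triage the report's hex-editor and sigcheck steps cover by hand: it checks the 'MZ' DOS header and the "PE\0\0" signature it points to, computes the MD5 and SHA-256 of the file, and compares them against the hashes recorded in Output 1 and Output 2 above. The function names, the stub builder and the constructed sample bytes are assumptions for illustration; the import hash (IMP) is not computed here because it requires parsing the import table.

```python
import hashlib
import struct

# Hashes copied from Output 1 and Output 2 of the lab report (sample identifiers).
KNOWN_DYRE_HASHES = {
    "C2D73485095EFDBD7AB625E469AFFB11",
    "523B9E8057EF0905E2C7D51B742D4BE9374CF2EEE5A810F05D987604847C549D",
}

def triage_pe(data: bytes) -> dict:
    """Return header facts and file hashes for a candidate Windows executable.

    'MZ' at offset 0 marks the DOS header every PE file starts with; the
    32-bit value at offset 0x3C (e_lfanew) gives the offset of the 'PE\0\0'
    signature, which is followed by the COFF header (Machine, NumberOfSections).
    """
    info = {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "is_mz": data[:2] == b"MZ",
        "is_pe": False,
        "e_lfanew": None,
        "machine": None,
        "sections": None,
    }
    if not info["is_mz"] or len(data) < 0x40:
        return info  # too short to hold a full DOS header
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    info["e_lfanew"] = e_lfanew
    # Bounds check before reading: a corrupt e_lfanew must not raise.
    if e_lfanew + 8 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    info["is_pe"] = True
    info["machine"], info["sections"] = struct.unpack_from("<HH", data, e_lfanew + 4)
    return info

def matches_known(info: dict, known=KNOWN_DYRE_HASHES) -> bool:
    """True when the file's MD5 or SHA-256 equals one of the recorded sample hashes."""
    return info["md5"] in known or info["sha256"] in known

def build_stub_pe(machine: int = 0x014C, nsections: int = 3) -> bytes:
    """Constructed minimal blob with a DOS header and COFF header (not a runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HH", machine, nsections) + bytes(16)
    return bytes(dos) + coff

if __name__ == "__main__":
    report = triage_pe(build_stub_pe())
    print(report, "known sample:", matches_known(report))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage_pe`; a `True` from `matches_known` means the hashes equal those recorded for the lab sample.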

  1. How do you open the Windows Registry in the Windows 7 VM? Include a screenshot of accessing the Windows Registry.

  1. What did the malware do to the registry tree, and what was that for?

Answer: The Dyre malware makes six major changes to the Windows registry, all of which fall under the HKU registry entry. These changes appear to have been made to change the access level of the administrator.

Question 7:

a. Refer to https://nakedsecurity.sophos.com/2020/05/22/the-ransomware-thatattacks-

week’s task. How did task 2.1P complement the lecture content in Week 2?

Answer: In this lab work, we downloaded, analysed and detected the process of a malware named Dyre. We downloaded the main malware file and some tools to analyse it in a secured virtual environment, which is detached from the network once all the files are there. A Windows 7 VM is used in this task. Several tools are used in this task: a hex editor to analyse the hex values of the file, the sigcheck tool to verify signatures of the file, the procmon tool to list and analyse processes running on the system, and the regshot tool to take snapshots of the system registry, which help in analysing the registry before and after the infection. In this lab, we gained in-depth knowledge of the Dyre malware, its infection process, and working with tools to analyse the infection and the level of infection.

Uploaded by: Jonathan Smith