Dynamic Analysis

Dynamic analysis involves observing the behavior of the malware while it is running. Here are the key steps and important parameters to consider:

  • Environment Setup: Before executing the malware, it's crucial to set up a controlled environment. This is often a virtual machine configured to prevent the malware from causing harm to the analyst's system or network. Tools like Cuckoo Sandbox can be used to automate this process.

  • Execution and Monitoring: The malware is then executed within the controlled environment and its behavior is monitored. This can involve observing changes made to the system, such as file creation, registry changes, and network communication. Tools like Process Monitor, Regshot, and Wireshark can be used to track these changes.

  • Network Traffic Analysis: By monitoring network traffic, analysts can identify any remote servers the malware communicates with, as well as the nature of this communication. This information can be crucial in understanding the purpose of the malware and potentially identifying its controller.

  • Persistence Mechanism Identification: Many types of malware attempt to ensure they remain on the system after reboot, known as persistence. Identifying these mechanisms can be crucial in fully removing the malware from an infected system.

  • Behavior Documentation: The malware's behavior is documented for future reference and for sharing with other researchers. This documentation can include the malware's actions, any changes made to the system, and any network communication.

  • Results Analysis: The results of the dynamic analysis are then analyzed to understand the malware's purpose and behavior. This can involve comparing the observed behavior with the findings from the static analysis.
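The steps above (snapshot the environment, execute and monitor, inspect network destinations, flag persistence, document the result) carried through as one small report builder. This is an added example, not code from the page or from Cuckoo, Regshot, Process Monitor or Wireshark. It assumes the "before" and "after" snapshots arrive as dictionaries mapping a file or registry path to a content hash, and that network events arrive as one record per connection; the snapshot data, the event records and the `1.2.3.4` destination are constructed placeholders, and the persistence patterns cover only a few of the most common autostart locations.

```python
"""Baseline-diff behaviour report for a sandbox run (added example, constructed data)."""
import ipaddress
import json
import re

# Common autostart locations, written as Regshot/Procmon-style path strings.
# Assumption: paths use backslashes; this list is illustrative, not exhaustive.
PERSISTENCE_PATTERNS = {
    "registry_run_key": re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    "startup_folder": re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I),
    "scheduled_task": re.compile(r"\\Windows\\System32\\Tasks\\", re.I),
    "service": re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\", re.I),
}

# Constructed snapshots: path -> hash of content, taken before and after execution.
BEFORE = {
    r"C:\Windows\System32\drivers\etc\hosts": "aa11",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive": "bb22",
    r"C:\Users\analyst\Desktop\sample.exe": "cc33",
}
AFTER = {
    r"C:\Windows\System32\drivers\etc\hosts": "dd44",  # content changed
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive": "bb22",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater": "ee55",  # new Run value
    r"C:\Users\analyst\AppData\Roaming\svchost.exe": "ff66",  # new file
}  # sample.exe no longer present: the sample deleted itself

# Constructed network events; 1.2.3.4 is a placeholder, not a real indicator.
EVENTS = [
    {"process": "svchost.exe", "dst_ip": "10.0.0.5", "dst_port": 445},
    {"process": "svchost.exe", "dst_ip": "1.2.3.4", "dst_port": 443},
    {"process": "svchost.exe", "dst_ip": "127.0.0.1", "dst_port": 8080},
]


def diff_snapshots(before, after):
    """Return created, modified and deleted artefacts between two snapshots."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "modified": modified, "deleted": deleted}


def classify_persistence(paths):
    """Map each path that lands in a known autostart location to its mechanism name."""
    hits = {}
    for path in paths:
        for name, pattern in PERSISTENCE_PATTERNS.items():
            if pattern.search(path):
                hits[path] = name
                break
    return hits


def external_destinations(events):
    """Keep only connections to globally routable addresses (drops RFC1918, loopback, etc.)."""
    return [ev for ev in events if ipaddress.ip_address(ev["dst_ip"]).is_global]


def build_report(before, after, events):
    """Assemble the documentation artefact: changes, persistence hits, external contacts."""
    changes = diff_snapshots(before, after)
    touched = changes["created"] + changes["modified"]
    return {
        "changes": changes,
        "persistence": classify_persistence(touched),
        "external_connections": external_destinations(events),
    }


if __name__ == "__main__":
    print(json.dumps(build_report(BEFORE, AFTER, EVENTS), indent=2))
```

In real use the two snapshot dictionaries would be built from a Regshot export or a hashed directory walk, and the event list from a Process Monitor or Wireshark export; the report itself is what gets written up in the documentation step and compared against the static-analysis findings.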

Dynamic analysis can provide valuable insights into malware's behavior that might not be apparent from static analysis alone. However, it also carries more risk, as it involves executing the malware. Therefore, it should always be performed in a controlled environment.

Never judge a sample based on the verdict of a single antivirus engine. Using VirusTotal is a good option since it reports results from a variety of antivirus engines.