Hi there 👋

Welcome to IntelOverflow. I’m Syed. Explore my articles as I embark on this journey of learning more about Forensics, Threat Hunting, and Cyber-threat Intelligence.

Practical Malware Analysis: LAB 07

Chapter Seven focused on analyzing programs which are designed to run on the Windows operating system and make use of the Windows API exposed to developers to interact with the system, its kernel, and other resources available to the user.

Exercise 1

Hash                                                              Name
c04fd8d9198095192e7d55345966da2e                                  Lab07-01.exe
86ee262230cbf6f099b6086089da9eb9075b4521                          Lab07-01.exe
0c98769e42b364711c478226ef199bfbba90db80175eb1b8cd565aa694c09852  Lab07-01.exe

Analyze the malware found in the file Lab07-01....

October 11, 2021 · 14 min · Syed Hasan

Practical Malware Analysis: LAB 06

Chapter Six focused on code constructs and how analysts can easily identify them when walking through the disassembly in IDA. Let’s take a look at the exercises now.

Exercise 1

Hash                                                              Name
6abde2f83015f066385d27cff6143c44                                  Lab06-01.exe
536e6f91d4515e30af7afd37f22c213fee152126                          Lab06-01.exe
fe30f280b1d0a5e9cef3324c2e8677f55a6202599d489170ece125f3cd843a03  Lab06-01.exe

Question Number 1: What is the major code construct found in the only subroutine called by main?

Let’s get to work....

September 13, 2021 · 9 min · Syed Hasan

MalDoc Analysis: Cheeky HTA Loader

Let’s dig into a (potentially) malicious document and see what indicators it navigates us to.

Hash                                                              Name
499b2d5a07fbcfbc8a6ec124c14efde7                                  ordain-08.21.doc
fedbbc359e03b17bd7866a31283c3ff87cc693e4                          ordain-08.21.doc
331742a3835a6634e1331be491a789f7e5ddcefc6a30b7965dbf970d214b36d4  ordain-08.21.doc

Download: You can acquire this sample from MalwareBazaar.

Initial Analysis

Let’s first unzip the file with MalwareBazaar’s standard password: infected [PS: I’m going to rename the file for sanity’s sake]. Once done, we can check to see what file type we’re dealing with: file Ordain....

September 2, 2021 · 5 min · Syed Hasan

Practical Malware Analysis: LAB 01

Let’s kick it off. The first chapter of PMA was an introduction to Basic Static Analysis. Although there’s a unique set of tools used in the book, I’d be improvising and testing other tools which might achieve the same purpose.

Tooling

I’ll be using the following tools/services for this chapter [I’m diverting from the toolset used by the author… mainly because they’re outdated]:
PEStudio
PEView
PEID
ExeInfoPE
VirusTotal

Exercise 1

Hash                               Filename
BB7425B82141A1C0F7D60E5106676BB1   Lab01-01....

August 13, 2021 · 7 min · Syed Hasan

Practical Malware Analysis: LAB 05

Previously, we covered Basic Static Analysis and Basic Dynamic Analysis in Chapters 1 and 3 of Practical Malware Analysis. That marks an end to the first part of the book. The fourth chapter kicks off the second part of the book and takes a slight detour to cover one of the most important prerequisites for performing malware analysis: assembly language. However, the crash course doesn’t have any exercises. It’s why we’ll be proceeding to the exercises of the fifth chapter i....

August 13, 2021 · 13 min · Syed Hasan