Seeking Trusted Computer Science Tutor for CTEC5807 Malware Analysis Assignment Help?


CTEC5807 Malware Analysis

Have you enrolled in the class or coursework CTEC5807 Malware Analysis? Is the assignment for this course proving tough? Are you looking for CTEC5807 Malware Analysis assignment help and a homework writing service?

We at Expertsminds.com offer quality CTEC5807 Malware Analysis assignment help, Malware Investigation assignment solutions, coursework writing services, homework help and tutoring at a cost-effective price. Our computer science tutors provide a high-quality solution document for this assignment and coursework so that students can achieve a top score.

Assignment Title: Malware Investigation

The learning outcomes of Malware Investigation that are assessed by this coursework are:

  • Identify and demonstrate malware using appropriate tools, procedures and techniques
  • Interpret & communicate the significance of malware behavior to decision makers
  • Assess and synthesize the likely impact of a malware infection from its binary
  • Distinguish & critically compare malware delivery & spreading techniques

Assignment Detail

Tasks to be undertaken:

In this Malware Investigation coursework you are required to complete two tasks, with a total word count of 6000.

Analyze and compare two specimens of malware and write a report answering a set of questions about the insights gained, detailing your approach with relevant evidence (e.g. screenshots, excerpts of logs, etc.).

Part 1: Basic malware analysis (Malware Investigation)

Scenario and goal

This is part 1 of the graded exercise. It is worth 50% of your total grade. Every question is worth 5 points, for an exercise total of 50. In this scenario, an acquaintance was e-mailed a suspicious attachment and wants to know if it is malicious. He already opened the file and was surprised to see a foreign-language sentence. Now he is concerned that he is infected with malware. Answer all the questions below and write a full report. If you want to work in pairs, identify both authors on the report cover sheet and upload it twice.

Environment & tools

Statically and dynamically analyze the unzipped sample "29-10-2014_Quittung.rtf" on a Windows XP SP3 virtual machine. The archive password is "infected". Please note that this is real malware. Which tools to use is completely up to you. In malware analysis, there is rarely only one "right" path. Be creative! Still, I suggest you look at previous exercises and pick whatever tools you deem appropriate.

For this exercise, it is okay to let the sample talk to the outside world. Before you do that, however, it is recommended to simulate internet communication (also see lab exercise "Combined dynamic analysis") and determine beforehand if it is safe. Take a snapshot of the clean VM before the first execution and keep the VM on a host-only network until you have made that decision, so that every run starts from the same known state.

Analysis tasks of Part I

  • Analyze the social engineering component of the malware. Translate it. How does it try to get people to execute it?
  • Your friend has already opened the document attachment. What happened? Is his machine already infected? Find proof for/Argue your answer!
  • Extract the core malware and document the steps.
  • Perform a basic static analysis of the sample and document your findings. Is it packed? What do the imports and exports tell you? Do you see anything suspicious section-wise? Interesting strings? Remember: MSDN is your friend!
  • Analyze the sample dynamically and monitor the activity on the system. What changes? Is anything dropped, executed or deleted? If you use Regshot, be careful to set the right scan directory (C:)!
  • Can you find indicators for sandbox or VM detection? What can you do to circumvent it? Restart your analysis after taking care of the anti-analysis technique(s).
  • Try to find out what the sample is about to do network-wise and set up an appropriate fake environment. What is happening?
  • What are the sample's runtime dependencies? What is it trying to download? Try to play along and set up the environment it wants and determine what the malware needs the additional software for.
  • Extract and document all relevant IP addresses that are or might be contacted (static and dynamic analysis) and determine domain ownership.
  • If you satisfied all the sample's requirements (i.e. installed all the components it needs) the malware will alter your system's configuration. What is happening? Hint: Certificates.

Part 2: Ransomware disassembly (Malware Investigation)

Scenario and goal

This is part 2 of the graded exercise. It is worth 50% of your total grade. Every question is worth 5 points, for an exercise total of 50. In this scenario, your company's CFO was the victim of a crypto locker, losing all her precious holiday photos. She comes to you in the hope that you'll be able to help her recover her files without paying the ransom. The incident response team has already located the malicious sample and provides you with both the malware and an encrypted sample file that needs to be recovered at all costs.

Answer questions listed below and write a full report. If you want to work in pairs, identify both authors on the report cover sheet and upload it twice.

Environment & tools

Analyze the sample "cryptolock.exe" on a Windows virtual machine. The archive password is "infected". Which tools to use is completely up to you. In malware analysis, there is rarely only one "right" path. Be creative and know when to stop. With disassembly, you will see many functions that will not yield any useful answers. For this exercise, it is okay to let the sample talk to the outside world. Before you do that, however, it is recommended to simulate internet communication (also see lab exercise "Combined dynamic analysis") and determine beforehand if it is safe.

The questions below provide hints about the technical background and the recommended modus operandi.

Analysis tasks of Part II (Malware Investigation)

  • Perform a basic static analysis of the sample and document your findings. Is it packed? What do the imports and exports tell you? Do you see anything suspicious section-wise? Interesting strings?
  • Attempt to execute the sample and use basic dynamic analysis tools to determine whether the sample causes damage to the system. Can the sample be executed as is? If yes, what happens? If no, why not?
  • Load the sample into IDA and attempt to locate the "main" function (which is not necessarily called this way). You will see a lot of exit conditions that will terminate the program when run. Where is the main function? Highlight it and expand it.
  • Document and interpret what's going on in the sample's main method. It helps to rename functions whose purpose you have identified. Which function calls can you identify and name? Hint: Pseudocode might help (there is an IDA plugin for that!). You might also want to return to/continue this part of the exercise later during task 9.
  • What parameters does the sample need to function? What are their types (integer, string, etc.)? Combine fuzzing with disassembly (i.e. supply likely parameters and see what happens and also locate the spot in the code where the parameters are defined).
  • Armed with the correct parameters, use the crypto locker on some files of your choice and document what's happening (return to dynamic analysis). How is the malware altering the test files (use hex editor)?
  • It can be assumed that the ransomware first reads the file, changes its contents, and then writes the new version to a file. One possible analysis approach is to "follow" the source (victim) file through the encryption process. A combined approach is most promising: use Procmon to monitor file accesses while running a debugger to locate the corresponding functionality in the code. Where are the read/write operations located in the code?
  • It is time to determine the kind of encryption that is being used by the sample. Download and use the tool "signsrch" to get an idea of what is happening. Which crypto algorithm does the malware utilize?
  • What is the key for the encryption process? Where does the crypto locker get it from? How is it processed within the malware and where does it end up?
  • Now that you know what kind of encryption is being used on the files, use a tool of your choice (e.g. online tools, GitHub apps, a self-coded approach) to decrypt the CFO's file. Document the steps and the final (decrypted) result! If you fail to decrypt the desired file, document the process with a file of your choice (where you know the key) for half the points of this item.
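The brief does not say which algorithm cryptolock.exe uses or how it turns its parameter into a key; establishing that is what signsrch and the disassembly tasks are for. What carries over to any such sample is the recovery method, shown here as an added example written for this page (not the coursework sample's code and not an existing decryptor): a hypothetical locker that writes a marker and RC4-encrypts the file body with its string parameter as the key, and a recovery routine that tests candidate keys by decrypting only the first bytes of the locked file and checking them against known file-format magic, so the CFO's JPEGs validate themselves. The cipher, the "LOCKED" marker, the key names and the sample photo are all assumptions for the demonstration.

```python
"""Part 2 worked example: known-plaintext validation of candidate keys and
file recovery. ASSUMED locker for illustration: marker + RC4(body, key) where
the key is the program's string parameter. cryptolock.exe's real algorithm
and key handling must come from signsrch and the disassembly."""

MARKER = b"LOCKED\x00"

# Magic bytes of the file types a photo folder is likely to hold (assumed set).
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip/docx": b"PK\x03\x04",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA). Symmetric: the same call decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def locker_encrypt(key_param: str, plaintext: bytes) -> bytes:
    """Hypothetical locker mirroring the read -> transform -> write model."""
    return MARKER + rc4(key_param.encode(), plaintext)


def guess_type(head: bytes):
    for kind, magic in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def try_keys(ciphertext: bytes, candidates):
    """Decrypt only the first 16 bytes per candidate (a stream cipher's
    keystream prefix does not depend on the message length) and accept the
    first key that yields a known file header. Returns (key, type) or None."""
    if not ciphertext.startswith(MARKER):
        raise ValueError("file was not produced by the assumed locker")
    body = ciphertext[len(MARKER):]
    for key in candidates:
        if not key:
            continue
        kind = guess_type(rc4(key.encode(), body[:16]))
        if kind:
            return key, kind
    return None


def decrypt_file(ciphertext: bytes, key: str) -> bytes:
    return rc4(key.encode(), ciphertext[len(MARKER):])


# Constructed stand-in for the CFO's photo: a minimal JFIF header plus filler.
SAMPLE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 5
               + b"pixel data" * 20 + b"\xff\xd9")
# Candidate keys as an analyst would collect them: strings in the binary,
# command lines seen in Procmon, values tried while fuzzing the parameters.
CANDIDATES = ["password", "1234", "-encrypt", "h0lidays", "cryptolock"]

if __name__ == "__main__":
    locked = locker_encrypt("h0lidays", SAMPLE_JPEG)
    print(try_keys(locked, CANDIDATES))
    print(decrypt_file(locked, "h0lidays") == SAMPLE_JPEG)
```

Two caveats matter when adapting this to the real sample. If the disassembly shows the parameter being transformed before use (hashed, truncated, combined with a per-file value), `try_keys` has to apply the same transformation to each candidate, which is why the question about where the key "ends up" is worth answering before writing the decryptor. And a three-byte JPEG check is enough for a handful of candidates, but for a large brute-force list the false-positive rate grows with the number of keys tried, so validate on a longer prefix (the JFIF or Exif marker after the SOI bytes) before trusting a hit; with a block cipher, validate on at least one full block.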

Written report with consecutively numbered answers for each task (max. 6000 words for the complete report).

Why should you choose Expertsminds for CTEC5807 Malware Analysis Assignment Help?

  • High-quality written document: we provide well-written documents with proper formatting and text referencing for this assignment under our CTEC5807 Malware Analysis assignment help and coursework writing service.
  • No-plagiarism policy: we apply a no-plagiarism policy under our CTEC5807 Malware Analysis assignment help and homework writing service.
  • Affordable cost of service for CTEC5807 Malware Analysis assignment help.
  • 100% satisfaction under our CTEC5807 Malware Analysis coursework writing service and assignment help service.
  • Unlimited revisions: we work until you are satisfied with our CTEC5807 Malware Analysis assignment help and coursework writing service.

So why wait? Apply today for online CTEC5807 Malware Analysis assignment help and coursework writing service and get assistance from quality tutors.

Related Course Programs and Assignment Help Services of Expertsminds!

  • CTEC5805 Cyber Engineering Assignment Help
  • CTEC5711 Requirement Analysis and Cloud-based System Design Assignment Help
  • CTEC5807 Malware Analysis Assignment Help
  • CTEC5405 Current Issues for Practitioners Assignment Help
  • CTEC2915 Cryptography Assignment Help
  • CTEC5505 Current Issues for Practitioners (Extension) Assignment Help
  • CTEC1800 Creative Client Computing Assignment Help
  • CTEC5305 Advanced Forensics and Incident Response Assignment Help
  • CTEC2902 Advanced Programming Assignment Help
  • CTEC5711 Advanced Requirements Engineering and Software Architecture Assignment Help
  • CTEC5724 Advanced Research Topics in Cyber Technology Assignment Help
  • CTEC2311 Agile Methods & Development Assignment Help
  • CTEC5725 Agile Project Management Assignment Help
  • CTEC5408 Alternative Operating System Forensics Assignment Help
  • CTEC5304 Applied Forensics - Malware Investigations Assignment Help
  • CTEC5407 Binary Analysis of Microsoft Office Documents (CPD) Assignment Help
  • CTEC5812 Business Continuity Management Assignment Help
  • CTEC1111 Business Technology and Programming Assignment Help
  • CTEC1911 C Programming II Assignment Help
  • CTEC1203 Communications Assignment Help
  • CTEC1901 Computational Modelling Assignment Help
  • CTEC1491 Computer Ethics, Law and Portfolio Assignment Help
  • CTEC1303 Computer Law & Cyber Security Assignment Help
  • CTEC1905 Computer Law and Cyber Security Assignment Help
  • ENGD3701 Advanced Digital Design Assignment Help

