
Malware Analysis Assignment Help

CTEC5807 Malware Analysis Assignment Help - Searching For Best And Trusted CTEC5807 Malware Analysis Assignment Help Service – Hire Miracleskills Tutors!!

Malware Analysis Assignment - Malware Investigation



Learning Outcomes -

Learning Outcome 1 - Identify and analyze malware using appropriate procedures, tools and techniques.

Answer: Identifying and analysing malware means applying a systematic set of procedures, tools and techniques to establish that malicious code is present, what it does and what it affects. Triage starts from indicators such as unexpected processes or persistence entries, unexplained outbound connections, or alerts raised by antivirus and intrusion detection systems (IDS). A suspicious file is moved into an isolated sandbox or virtual machine before anything that runs it. Static analysis examines the sample without executing it (file type, hashes, packing, imports and exports, section layout, strings); dynamic analysis executes it under monitoring (process, file, registry and network activity) to observe its behaviour and intent. Reverse engineering with disassemblers and debuggers resolves what static and dynamic analysis leave open, for example an encryption routine or an anti-analysis check. Threat intelligence platforms correlate hashes, domains and behaviour with known families and signatures. Documenting every step, recording hashes of all artefacts and respecting containment rules keep the analysis reproducible and lead to effective mitigation that limits the malware's impact on systems and networks.

Learning Outcome 2 - Interpret and communicate the significance of malware behavior to decision makers.

Answer: Interpreting and communicating the significance of malware behavior to decision-makers involves translating technical findings into actionable insights that support strategic responses. This process begins with analyzing malware behavior to identify its intent, such as data theft, system disruption, or unauthorized access. Key findings, including the malware's method of infiltration, targeted vulnerabilities, and potential impact, are summarized in clear, non-technical language. Visual aids like graphs, flowcharts, and infographics can be used to enhance understanding. The communication should focus on the risks posed to organizational assets, the urgency of the threat, and recommended mitigation or response strategies. By aligning technical details with business priorities, decision-makers are empowered to allocate resources effectively, implement security measures, and make informed decisions to protect organizational interests.

Learning Outcome 3 - Distinguish and critically compare malware delivery and spreading techniques.

Answer: Distinguishing and critically comparing malware delivery and spreading techniques involves understanding the methods attackers use to introduce and then propagate malicious software. Delivery techniques cover how malware first reaches a target system: phishing e-mails, malicious attachments (for example documents carrying macros), drive-by downloads, or exploitation of software vulnerabilities. Spreading techniques are the mechanisms used to proliferate the malware across systems, networks or devices once a foothold exists: worm-like self-replication, propagation through shared drives, removable media and exploitable network services, or use of infected hosts as pivot points. A critical comparison shows that delivery methods usually depend on user interaction or on a specific weakness, while spreading techniques exploit connectivity and automation to maximise reach without further user involvement. Evaluating the effectiveness, stealth and scope of each technique highlights their adaptability and underscores the need for layered defences (mail filtering, patching, network segmentation, least privilege) rather than a single control.

Learning Outcome 4 - Assess and synthesize the likely impact of a malware infection from its binary.

Answer: Assessing and synthesizing the likely impact of a malware infection from its binary involves analyzing the binary file to uncover its functionality, intent, and potential consequences. This process typically starts with static analysis to examine the binary's code structure, signatures, and embedded resources, followed by dynamic analysis to observe its behavior during execution in a controlled environment. By identifying characteristics such as payload delivery, system modifications, data exfiltration capabilities, or network communication, analysts can estimate the extent of the damage it may cause. Synthesizing this information provides a holistic view of the malware's impact on system integrity, data confidentiality, and operational availability. Such an assessment is crucial for prioritizing response actions, understanding the threat landscape, and devising robust countermeasures to mitigate future risks.

Tasks - In this assessment, you are expected to:

Analyze two specimens of malware and write a report answering a set of questions about the insights gained and detailing your approach with relevant evidence (e.g. screenshots, excerpts of logs, etc.).


Section 1: Basic malware analysis

Scenario and goal - In this scenario, an acquaintance was e-mailed a suspicious attachment and wants to know if it is malicious. He already opened the file and was surprised to see a foreign-language sentence. Now he is concerned that he is infected with malware. Answer all the questions below and write a full report.

Analysis tasks -

Task 1. Analyze the social engineering component of the malware. Translate it. How does it try to get people to execute it?

Task 2. Your friend has already opened the document attachment. What happened? Is his machine already infected? Find proof for/Argue your answer!

Task 3. Extract the core malware and document the steps.

Task 4. Perform a basic static analysis of the sample and document your findings. Is it packed? What do the imports and exports tell you? Do you see anything suspicious section-wise? Interesting strings? Remember: MSDN is your friend!

Task 5. Analyze the sample dynamically and monitor the activity on the system. What changes? Is anything dropped, executed or deleted? If you use Regshot, be careful to set the right scan directory (C:)!

Task 6. Can you find indicators for sandbox or VM detection? What can you do to circumvent it? Restart your analysis after taking care of the anti-analysis technique(s).

Task 7. Try to find out what the sample is about to do network-wise and set up an appropriate fake environment. What is happening?

Task 8. What are the sample's runtime dependencies? What is it trying to download? Try to play along and set up the environment it wants and determine what the malware needs the additional software for.

Task 9. Extract and document all relevant IP addresses that are or might be contacted (static and dynamic analysis) and determine domain ownership.

Task 10. If you satisfied all the sample's requirements (i.e. installed all the components it needs) the malware will alter your system's configuration. What is happening? Hint: Certificates.
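The static triage in Task 4 (packing, sections, strings) and the IP/URL harvesting of Task 9 are easier to defend in a report when the checks are scripted and repeatable. The following Python is an added example and is not part of the assignment, the course material, or any tool named above. It builds a constructed PE image in memory (the section names, API strings, URL and IP inside it are invented for illustration; the `.invalid` TLD and the 198.51.100.0/24 range are reserved for documentation) and runs the same first-pass checks an analyst would otherwise do by hand in a hex editor or PE viewer. To analyse the real sample, replace `build_sample_pe()` with the bytes of the file.

```python
"""Static triage of a PE image: section table, per-section entropy, W+X
sections, printable strings and the IPs/URLs embedded in them.
Added example; the PE built by build_sample_pe() is constructed, not a real sample."""
import math
import re
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def entropy(data):
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe):
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
    off = coff + 20 + opt_size          # optional header sits between COFF header and section table
    sections = []
    for _ in range(nsec):
        (name, vsize, _va, rawsize, rawptr,
         _rel, _ln, _nrel, _nln, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, off)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(entropy(raw), 2),
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
        })
        off += 40
    return sections


def packing_indicators(sections):
    """Heuristics that point at a packer or crypter; none is proof on its own."""
    found = []
    for s in sections:
        if s["entropy"] > 7.0:
            found.append("%s: entropy %.2f, compressed or encrypted content" % (s["name"], s["entropy"]))
        if s["executable"] and s["writable"]:
            found.append("%s: writable+executable, an unpacking stub can write code here" % s["name"])
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            found.append("%s: no raw data but %d bytes virtual, filled at runtime" % (s["name"], s["virtual_size"]))
        if s["name"].upper().startswith("UPX"):
            found.append("%s: UPX section name" % s["name"])
    return found


ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
IOC_RE = re.compile(r"https?://\S+|\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_strings(data):
    """ASCII and UTF-16LE runs of 4+ printable characters (what strings/FLOSS show)."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16le") for m in WIDE_RE.finditer(data)]
    return found


def extract_iocs(strings):
    """URLs and dotted-quad IPs found in the strings; feed these to whois/RDAP for ownership."""
    return sorted({ioc for s in strings for ioc in IOC_RE.findall(s)})


def triage(pe):
    sections = parse_sections(pe)
    strings = extract_strings(pe)
    return {"sections": sections, "indicators": packing_indicators(sections),
            "strings": strings, "iocs": extract_iocs(strings)}


def build_sample_pe():
    """Constructed test image: a normal .text section plus a UPX1-style
    section of uniformly distributed bytes. Strings, URL and IP are invented."""
    text = (b"\x55\x8b\xec" + b"VirtualAlloc\0WriteProcessMemory\0"
            + b"http://update.example.invalid/dl.php\0\0"
            + "198.51.100.23".encode("utf-16le") + b"\0\0").ljust(0x200, b"\0")
    packed = bytes(range(256)) * 2           # every byte value twice: entropy exactly 8.0
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")   # PE32 magic, rest zeroed
    sec_text = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), 0x200,
                           0, 0, 0, 0, 0x60000020)                 # CODE|EXECUTE|READ
    sec_upx = struct.pack("<8sIIIIIIHHI", b"UPX1", 0x8000, 0x2000, len(packed), 0x400,
                          0, 0, 0, 0, 0xE0000040)                  # DATA|EXECUTE|READ|WRITE
    headers = (dos + b"PE\0\0" + coff + opt + sec_text + sec_upx).ljust(0x200, b"\0")
    return headers + text + packed


if __name__ == "__main__":
    report = triage(build_sample_pe())
    for s in report["sections"]:
        print(s)
    print(report["indicators"])
    print(report["iocs"])
```

Read the output with the usual caveats: entropy above about 7 bits per byte flags compressed or encrypted content, but binaries carrying embedded images or archives show it too, so a writable and executable section, or a section with no raw data but a large virtual size, is the stronger packer tell. Import parsing is deliberately left out of the script (the `pefile` module's `DIRECTORY_ENTRY_IMPORT` does it); for the report, an import table reduced to little more than `LoadLibraryA` and `GetProcAddress` is itself a packing indicator, since the real imports are resolved only after unpacking. Strings from a packed section are meaningless until the sample is unpacked or dumped from memory, which is why Task 9 asks for both static and dynamic sources of addresses.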



Section 2: Ransomware disassembly

Scenario and goal - In this scenario, your company's CFO was the victim of a crypto locker, losing all her precious holiday photos. She comes to you in the hope that you will be able to help her recover her files without paying the ransom. The incident response team has already located the malicious sample and provides you with both the malware and an encrypted sample file that needs to be recovered at all costs. Answer all the questions below and write a full report.

Analysis tasks -

Task 1. Perform a basic static analysis of the sample and document your findings. Is it packed? What do the imports and exports tell you? Do you see anything suspicious section-wise? Interesting strings?

Task 2. Attempt to execute the sample and use basic dynamic analysis tools to determine whether the sample causes damage to the system. Can the sample be executed as is? If yes, what happens? If no, why not?

Task 3. Load the sample into IDA and attempt to locate the "main" function (which is not necessarily called this way). You will see a lot of exit conditions that will terminate the program when run. Where is the main function? Highlight it and expand it.

Task 4. Document and interpret what's going on in the sample's main method. It helps to rename functions whose purpose you have identified. Which function calls can you identify and name? Hint: Pseudocode might help (there is an IDA plugin for that!). You might also want to return to/continue this part of the exercise later during task 9.

Task 5. What parameters does the sample need to function? What are their types (integer, string, etc.)? Combine fuzzing with disassembly (i.e. supply likely parameters and see what happens and also locate the spot in the code where the parameters are defined).

Task 6. Armed with the correct parameters, use the crypto locker on some files of your choice and document what's happening (return to dynamic analysis). How is the malware altering the test files (use hex editor)?

Task 7. It can be assumed that the ransomware first reads the file, changes its contents, and then writes the new version to a file. One possible analysis approach is to "follow" the source (victim) file through the encryption process. A combined approach is most promising: use Procmon to monitor file accesses while running a debugger to locate the corresponding functionality in the code. Where are the read/write operations located in the code?

Task 8. It is time to determine the kind of encryption that is being used by the sample. Download and use the tool "signsrch" to get an idea of what is happening. Which crypto algorithm does the malware utilize?

Task 9. What is the key for the encryption process? Where does the crypto locker get it from? How is it processed within the malware and where does it end up?

Task 10. Now that you know what kind of encryption is being used on the files, use a tool of your choice (e.g. online tools, GitHub apps, self-coded approach) to decrypt the CFO's file. Document the steps and the final (decrypted) result! If you fail to decrypt the desired file, document the process with a file of your choice (where you know the key) for half the points of this item.
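Task 8 asks for signsrch, and Task 6 asks what a hex editor shows when the locker rewrites a file. Both checks come down to a few lines of code, and understanding them makes the tool output easier to interpret in the report. The following Python is an added example, not part of the assignment or of signsrch itself: `scan_constants` looks for the lookup tables and magic words that well-known primitives must carry (the same idea signsrch applies with a much larger database), and `compare_files` records the observations a hex-editor comparison of a victim file and its encrypted version should produce. The three sample buffers are constructed for the example: a stand-in "binary" that embeds the AES S-box and the first SHA-256 round constants, a fake image file, and a ciphertext shaped like an ECB encryption of it. They are not taken from any real locker.

```python
"""Identify the cipher by its constants (what signsrch automates) and describe
how an encrypted file differs from its plaintext. Added example; all sample
buffers are constructed, not extracted from a real sample."""
import math
import struct
from collections import Counter


def _words(*vals):
    """A 32-bit constant table as it appears in memory, little- and big-endian."""
    n = len(vals)
    return [struct.pack("<%dI" % n, *vals), struct.pack(">%dI" % n, *vals)]


# First bytes/words of tables an implementation must carry verbatim.
SIGNATURES = {
    "AES forward S-box": [bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")],
    "AES inverse S-box": [bytes.fromhex("52096ad53036a538bf40a39e81f3d7fb")],
    "SHA-256 K table": _words(0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5),
    "MD5/SHA-1 initial state": _words(0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476),
    "MD5 T table": _words(0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE),
    "Blowfish P-array": _words(0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344),
    "CRC-32 table": _words(0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA),
    "TEA/XTEA delta": _words(0x9E3779B9),
}


def scan_constants(data):
    """Return (name, file offset) for every signature occurrence, sorted by offset."""
    hits = []
    for name, patterns in SIGNATURES.items():
        for pat in patterns:
            idx = data.find(pat)
            while idx != -1:
                hits.append((name, idx))
                idx = data.find(pat, idx + 1)
    return sorted(hits, key=lambda h: h[1])


def entropy(data):
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare_files(plain, enc):
    """What a hex-editor comparison of victim file vs. encrypted file tells you."""
    blocks = [enc[i:i + 16] for i in range(0, len(enc) - len(enc) % 16, 16)]
    repeated = sum(c - 1 for c in Counter(blocks).values() if c > 1)
    return {
        "size_delta": len(enc) - len(plain),      # padding, or an appended key/marker?
        "block_aligned_16": len(enc) % 16 == 0,   # AES-sized blocks?
        "block_aligned_8": len(enc) % 8 == 0,     # DES/Blowfish/TEA-sized blocks?
        "magic_preserved": enc[:4] == plain[:4],  # file header left in the clear?
        "repeated_blocks": repeated,              # >0 on repetitive plaintext points at ECB
        "entropy": round(entropy(enc), 2),        # near 8.0 for a real cipher, lower for XOR
    }


# Constructed stand-ins (not real samples).
SAMPLE_BINARY = (b"\x90" * 0x40
                 + bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
                 + b"\xcc" * 0x10
                 + struct.pack("<4I", 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5))
SAMPLE_PLAIN = b"\xff\xd8\xff\xe0" + b"\x00" * 12 + b"A" * 48     # JPEG-like header + 3 equal blocks
SAMPLE_ENC = (bytes.fromhex("8d2f1a6c93b05e47c1f8a2d44e6b7c09")
              + bytes.fromhex("5b0e9ac3f17d42e86a9c01bd3f7e2a55") * 3)  # equal input blocks, equal output

if __name__ == "__main__":
    for name, off in scan_constants(SAMPLE_BINARY):
        print("%-24s at 0x%x" % (name, off))
    print(compare_files(SAMPLE_PLAIN, SAMPLE_ENC))
```

A constant hit proves a primitive is present in the image, not that it is the file cipher: statically linked hashing code, integrity checks (CRC-32) and library wrappers all carry tables, and Task 9 still has to be answered by following the key to the routine that uses it (a hardware breakpoint on the table's address is the quickest way to land in the right function under the debugger). The reverse also holds: RC4 and XOR-based lockers carry no tables at all, and a sample that calls Windows CryptoAPI or CNG shows the algorithm only through imports such as `CryptEncrypt` or `BCryptEncrypt` and the algorithm identifiers passed to them, so a clean signsrch run is not evidence of weak crypto. In `compare_files`, a zero size delta with 16-byte alignment and repeated ciphertext blocks on a file with repetitive content is the classic ECB signature, while a fixed size increase that does not depend on the file contents usually marks padding plus an appended per-file key blob, which is exactly the material Task 10 needs.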

Note - Written report with consecutively numbered answers for each task (max. 6000 words).


