adding lab

Amanda Rousseau
2017-03-21 16:59:08 -07:00
parent 2077c7216b
commit f4c41d6988

@@ -67,6 +67,7 @@ Questions to ask:
## Malware Analysis Report
You will want to capture this information throughout your investigation either through notes or report documents.
You can use the **Malware Analysis Report** template [HERE](https://securedorg.github.io/ReportForm.html)
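Review bot: The link text on the template line is just "HERE", which tells a reader skimming the rendered lab page nothing about where the link goes. Suggest making the template name the link, e.g. `[Malware Analysis Report template](https://securedorg.github.io/ReportForm.html)`. It would also help to say at which point in the lab the report should be started, since the sentence above it only says "throughout your investigation".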
@@ -75,9 +76,9 @@ You can use the **Malware Analysis Report** template [HERE](https://securedorg.g
1. Run the Victim VM
2. Copy over the unknown file
3. Check the file header by opening the file in the hex editor **HxD**
* Notice the first 1 byte is **MZ** meaning it's a PE Binary
* Notice the first 1 byte is **MZ** meaning it's a PE Binary
4. Now right click the file and select **CFF explorer** to check the PE header
* Note the imports it's using
* Note the imports it's using
5. Calculate the hash using **quickhash**, go to virustotal.com and search the hash
6. Open the file in **BinText** and record any interesting strings
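Review bot: The sub-bullet under step 3 says "the first 1 byte is **MZ**", but MZ is two bytes (4D 5A as shown in HxD), and both versions of the line in this hunk carry the same wording. Suggest "the first 2 bytes are **MZ**". The MZ signature on its own marks a DOS/MZ executable header; it is the PE header inspected in step 4 that confirms a PE binary, so the bullet could point forward to that step. Step 5 also does not say which hash to calculate in quickhash; naming the algorithm (for example SHA-256) would keep students' results comparable when they search virustotal.com.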