SEC320 - Lab 7 - F2023

School: Seneca College
Course: 320
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 10

SEC320 Lab 7

Lab 7: Basic Static Malware Analysis

Students cannot work with malware, or complete other dangerous/sensitive security labs, at home. These must be completed on campus (Room K1272 and K1003), in the security lab and on the security lab machines. Do not use your laptop for this lab. All sensitive security labs must be completed on campus (Room K1272 and K1003). Labs completed outside the campus, and not in Room K1272 or K1003, cannot be accepted if completed after this announcement.

Use this template to answer each part. All screenshots should show your PC's timestamp and the VM's name, which should be changed to your name.

Labs submitted late will be assigned a grade of 'F'. Late labs still need to be satisfactorily completed.

Requirements for the lab

Malware Analysis

We will use the analysis virtual machines hosted by ITS for these labs. Information will be provided for this lab.

Seneca College My VM Lab access: https://myvmlab-console.senecacollege.ca/
Log in with your Seneca email address as the username, and then the Seneca email password.

Page 1 of 10
Each student will have access to a virtual machine, which will be used to download files from a virtual file server.

Each virtual machine has a BASE snapshot. Do not delete it! Make new snapshots, and you can delete those.

Static Malware Analysis steps:

1. Please do not delete the Baseline snapshot.
2. Disable the Guest Isolation options: Copy and Paste, Drag and Drop. (Not necessary for ITS-hosted machines.)
3. Start the virtual machine.
4. Install the tools needed for analysis if they are not installed already.
5. SNAPSHOT the virtual machine. The ITS-hosted machines are already isolated; otherwise isolate the virtual machine from the INTERNET (LAN Segment), or disconnect it from the network completely.
6. Download the malware files from the virtual file server through the link in the browser.
7. Extract the malware.
8. Analyze the malware.
9. Once you are done, revert to the Base SNAPSHOT taken when the virtual machine was clean, with no malware. If something went wrong, please delete the virtual machine to avoid any unwanted infections.
10. Confirm the machine has no copies of any malware files from before.

Part 1 - Work with Lab01-01.exe and Lab01-01.dll

Note: This lab must be completed on campus, in the security lab (room K1272 or K1003) and on virtual machines hosted by ITS. (Do not use your laptop for this lab.) Otherwise you will get zero.

Virtual Machine password is: s3c320!

Download the malware and extract it; the archive password is malware.
Tools:
1. When were these files compiled? (Using PEview: read the TimeDateStamp field of the IMAGE_FILE_HEADER, which PEview decodes to a UTC date.)
   Using Lab01-01.exe:
   Using Lab01-01.dll:
   Screenshot with timestamp:

2. Are there any indications that either of these files is packed or obfuscated? If so, what are these indicators?
   Using Lab01-01.exe:
   Using Lab01-01.dll:
   Screenshot with timestamp:

3. Do any imports hint at what this malware does? If so, which imports are they?
   Screenshot with timestamp:

4. What network-based indicators could be used to find this malware on infected machines?
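The header checks behind questions 1, 2 and 4 (compile timestamp, packing indicators, network strings), as an added worked example in Python. It is not part of the lab template and is not the PEview tool the lab asks you to use; it parses the PE headers by hand with the standard library only (no pefile), and the SAMPLE_PE it analyses is constructed inline so the script runs offline. It is not Lab01-01.exe. The packer section-name list and the 7.0 bits-per-byte entropy threshold are rule-of-thumb choices of this example, not lab requirements, and the import-table question (3) is left to PEview. To use it on a real sample, read the file into `data` on the isolated analysis VM, never on your own laptop.

```python
"""Minimal static PE triage: compile timestamp, packing indicators, network strings.

Standard library only. SAMPLE_PE is constructed below for illustration; it is
not one of the lab files.
"""
import math
import random
import re
import struct
import time

# A few well-known packer section names (rule of thumb, not exhaustive).
PACKER_SECTION_NAMES = ("UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 mean compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the IMAGE_FILE_HEADER timestamp and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                       # IMAGE_FILE_HEADER, 20 bytes
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size                              # section table follows the optional header
    sections = []
    for i in range(nsections):                                # IMAGE_SECTION_HEADER is 40 bytes each
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        raw = data[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": round(shannon_entropy(raw), 2),
        })
    return {
        "timestamp": timestamp,                               # seconds since 1970-01-01 UTC
        "compile_time": time.strftime("%Y-%m-%d %H:%M:%S UTC", time.gmtime(timestamp)),
        "sections": sections,
    }


def packing_indicators(pe: dict) -> list[str]:
    """Three cheap hints that a file is packed: packer names, empty-on-disk sections, high entropy."""
    hints = []
    for s in pe["sections"]:
        if s["name"] in PACKER_SECTION_NAMES:
            hints.append(f"section {s['name']!r} is a known packer section name")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hints.append(f"section {s['name']!r} has no raw data but 0x{s['virtual_size']:x} bytes "
                         "of virtual size (room reserved for the unpacked image)")
        if s["raw_size"] > 0 and s["entropy"] > 7.0:
            hints.append(f"section {s['name']!r} has entropy {s['entropy']} (compressed or encrypted)")
    return hints


_ASCII = re.compile(rb"[\x20-\x7e]{4,}")
_WIDE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")              # UTF-16LE strings, common in Windows binaries
_NETWORK = re.compile(
    r"https?://\S+"                                           # URLs
    r"|\b(?:\d{1,3}\.){3}\d{1,3}\b"                            # dotted-quad IPv4
    r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|info|biz|ru|cn)\b",  # bare hostnames (heuristic TLD list)
    re.IGNORECASE,
)


def extract_strings(data: bytes) -> list[str]:
    """Printable ASCII and UTF-16LE runs of four or more characters, like the strings tool."""
    out = [m.decode("ascii") for m in _ASCII.findall(data)]
    out += [m.replace(b"\0", b"").decode("ascii") for m in _WIDE.findall(data)]
    return out


def network_indicators(data: bytes) -> list[str]:
    """Candidate network indicators (URLs, IPs, hostnames) found in the printable strings."""
    found = set()
    for s in extract_strings(data):
        found.update(_NETWORK.findall(s))
    return sorted(found)


def build_sample_pe(timestamp: int, sections: list[tuple[bytes, int, bytes]]) -> bytes:
    """Constructed PE32 image with a zeroed optional header; enough for the checks above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (e_lfanew - 6) + struct.pack("<I", e_lfanew)
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")         # PE32 magic, remaining fields zero
    headers = dos + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp,
                                            0, 0, len(opt), 0x0102) + opt
    table, body = b"", b""
    raw_ptr, vaddr = len(headers) + 40 * len(sections), 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(raw)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        body += raw
    return headers + table + body


# Constructed sample: UPX-style layout plus a few embedded strings. Not a real malware file.
SAMPLE_PE = build_sample_pe(
    1262304000,                                               # 2010-01-01 00:00:00 UTC
    [
        (b"UPX0", 0x8000, b""),                               # empty on disk, large in memory
        (b"UPX1", 0x1000, random.Random(7).randbytes(4096)),  # stand-in for compressed code
        (b".rsrc", 0x200, b"\0" * 32 + b"http://www.example.com/ping.php\0"
                          + b"192.0.2.10\0\0" + "kernel32.dll".encode("utf-16-le") + b"\0" * 16),
    ],
)

if __name__ == "__main__":
    report = parse_pe(SAMPLE_PE)
    print("compiled:", report["compile_time"])
    for s in report["sections"]:
        print(f"  {s['name']:<8} vsize=0x{s['virtual_size']:x} raw=0x{s['raw_size']:x} entropy={s['entropy']}")
    for h in packing_indicators(report):
        print("packing hint:", h)
    print("network indicators:", network_indicators(SAMPLE_PE))
```

The section-table fields the script prints (VirtualSize, SizeOfRawData) are the same IMAGE_SECTION_HEADER values PEview shows, so the screenshot for question 2 can corroborate the raw-size-zero and entropy hints; a timestamp that is in the future or older than the libraries the file imports is worth noting in question 1, since the field is trivially forged.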
   Screenshot with timestamp:

5. What would you guess is the purpose of these files?
   Screenshot with timestamp:

Part 2 - Analyze the file Lab01-02.exe

Note: This lab must be completed on campus, in the security lab (room K1272 or K1003) and on the security lab machines. (Do not use your laptop for this lab.) Otherwise you will get zero.

You can use this video for more information: Basic Static Malware Analysis, https://vimeo.com/643039955 (Password: Winter2023___Pedram_Habibi)

1. Are there any indications that this file is packed or obfuscated? If so, what are these indicators? If the file is packed, unpack it if possible.
   Screenshot with timestamp:

2. Do any imports hint at this program's functionality? If so, which imports are they and what do they tell you?
   Screenshot with timestamp:

3. What host- or network-based indicators could be used to identify this malware on infected machines?
   Screenshot with timestamp:

Part 3 – Consent

Fill in the following statement.

I (your first and last name), Student ID (your student ID), have completed this lab on campus in room K1003 or K1272 between (time) and (time) on Nov (day).