Malware Analysis Experiment

Write a report answering the following:
Part A: Static Analysis
As it sounds, static analysis is an examination of a suspected binary or executable without actually executing it. Various tools include disassemblers, decompilers, and source code analyzers. Typically, static analysis is incapable of giving a complete picture of the program’s behavior. In addition, malware creators can deliberately obstruct static analysis by means of packing, encryption, or obfuscation.

Use the link as reference: https://resources.infosecinstitute.com/malware-analysis-basics-static-analysis/
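The two points above (what static analysis can read from a file, and how packing or encryption obstructs it) can be seen in a small triage script. This is an added example, not part of the original assignment or the referenced article; the function names, the 7.2 entropy threshold and both sample buffers are constructed assumptions.

```python
import hashlib
import math
import re
from collections import Counter

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, close to 8.0 for random-looking data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def printable_strings(data, min_len=6):
    """ASCII runs of at least min_len characters, as the `strings` utility reports."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(data, entropy_threshold=7.2):
    """Static triage of a byte buffer; the 7.2 threshold is an assumed heuristic."""
    entropy = shannon_entropy(data)
    return {
        "entropy": round(entropy, 2),
        "strings": printable_strings(data),
        "likely_packed": entropy >= entropy_threshold,
    }

def keystream(n, seed=b"constructed-demo-key"):
    """Deterministic pseudo-random bytes standing in for a packer's encryption layer."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

# Constructed sample: repetitive code-like bytes plus two readable indicators.
PLAIN = (b"\x55\x8b\xec\x83" * 900
         + b"\x00".join([b"http://c2.example.invalid/beacon", b"CreateRemoteThread"])
         + b"\x00" * 400)
# The same bytes after a constructed XOR layer, as an obfuscated file would appear on disk.
PACKED = bytes(a ^ b for a, b in zip(PLAIN, keystream(len(PLAIN))))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("packed", PACKED)):
        report = triage(blob)
        hits = [s for s in report["strings"] if "example.invalid" in s or "Thread" in s]
        print(name, report["entropy"], report["likely_packed"], hits)
```

On the packed buffer the readable indicators disappear and only the entropy flag remains, which is the cue to unpack the sample or move to dynamic analysis.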

Question 1:

– Briefly summarize what static analysis attempts to learn from a suspected binary.
– What are the limitations of static analysis, or in other words, why is dynamic analysis needed?

Part B: Dynamic Analysis
Dynamic analysis involves executing a suspected binary or executable to learn about its possibly malicious behavior. Generally, dynamic analysis looks for suspicious behavior with regard to the following:

Actions on the machine where it is running, e.g., buffer overflows, file changes;
Network traffic, e.g., communications with C&C (communications and control) servers;
Attempts to self-replicate.

Dynamic analysis can be complicated when malware creators design malware to change its behavior if it detects the presence of a virtual machine.

Clearly, execution should be done in a restricted environment like a sandbox to protect the network and other machines. There are obvious costs in computing resources and execution time. Thus, it is not feasible to carry out dynamic analysis for every suspected binary. In addition, a high level of technical expertise is needed to understand the results of dynamic analysis. Dynamic analysis, as well as static analysis, is much like detective work.

Use the link as reference: https://resources.infosecinstitute.com/malware-analysis-basic-dynamic-techniques/

Question 2:
Give an example of program behavior that can be learned only through dynamic analysis and not static analysis.

Question 3:
Briefly summarize the risks of dynamic analysis.

Question 4:
Give an example of an included package in Cuckoo Sandbox. Suggested reference: http://docs.cuckoosandbox.org/en/latest/usage/packages/

Write a short report addressing the above questions.

Solution:
