Procmon malware analysis
![Procmon malware analysis](https://cdn1.cdnme.se/5447227/9-3/6_64e61dfae087c31b411cc5f3.png)
From the host-based indicators perspective, what is the main payload that is initiated at detonation? What tool can you use to identify this?

Are there any notable occurrences at first detonation? Without internet simulation? With internet simulation?

PuTTY's host-key warning dialog, as quoted on this page (gaps marked with [...]):

> The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is. [...] cache and continue connecting. If you want to carry on connecting but without updating the cache, [...]. If you want to abandon the connection completely, press "Cancel". Pressing "Cancel" is the ONLY guaranteed safe choice.

![procmon malware analysis](http://lh6.ggpht.com/_hrvCBhtWhJ4/SfcnjHxeGII/AAAAAAAAAms/xbI3clfdF2c/procmon_options_thumb[3].png)
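One way to answer the detonation questions above from a Procmon capture: export the trace as CSV (File > Save with the CSV format, or `procmon /OpenLog capture.pml /SaveAs capture.csv`) and keep only the events generated by the sample itself: child processes (the payload launched at detonation), writes into the Startup folder or Run keys, and outbound connections, which is where a run without internet simulation differs from one with it. The script below is an added example written for this page, not the page's own code; every CSV row is constructed, and `dropped.exe`, the `lab` user and the 10.0.0.5:5555 endpoint are placeholders rather than indicators from the page.

```python
import csv
import io

# Constructed Procmon CSV export (column names are Procmon's defaults). Every row
# here is made up for this example: "dropped.exe", the "lab" user and 10.0.0.5:5555
# are placeholders, not indicators from the page.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:00:01.0000000 PM","putty.exe","1234","Process Start","","SUCCESS","Parent PID: 900"
"1:00:02.0000000 PM","putty.exe","1234","Process Create","C:\\Windows\\System32\\cmd.exe","SUCCESS","PID: 1300, Command line: cmd.exe /c whoami"
"1:00:03.0000000 PM","putty.exe","1234","WriteFile","C:\\Users\\lab\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\dropped.exe","SUCCESS","Offset: 0, Length: 4,096"
"1:00:04.0000000 PM","putty.exe","1234","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater","SUCCESS","Type: REG_SZ, Data: C:\\Users\\lab\\dropped.exe"
"1:00:05.0000000 PM","putty.exe","1234","TCP Connect","lab-vm:49711 -> 10.0.0.5:5555","SUCCESS","Length: 0"
"1:00:06.0000000 PM","Explorer.EXE","2000","CreateFile","C:\\Windows\\explorer.exe","SUCCESS","Desired Access: Read Data/List Directory"
"""

# Persistence locations a first detonation commonly touches (lower-cased for matching).
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(rows, sample="putty.exe"):
    """Collect the host-based indicators generated by the detonated sample:
    child processes (the payload launched at detonation), persistence writes
    and outbound connections. Equivalent to Procmon's 'Process Name is <sample>'
    filter followed by reading the Operation column."""
    sample = sample.lower()
    out = {"children": [], "persistence": [], "network": []}
    for row in rows:
        if row["Process Name"].lower() != sample:
            continue  # ignore background noise from other processes
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        lpath = path.lower()
        if op == "Process Create":
            # Procmon puts the child's command line in the Detail column.
            cmdline = detail.split("Command line: ", 1)[1] if "Command line: " in detail else ""
            out["children"].append((path, cmdline))
        elif op in ("WriteFile", "CreateFile") and STARTUP_DIR in lpath:
            out["persistence"].append(path)
        elif op == "RegSetValue" and any(key in lpath for key in RUN_KEYS):
            out["persistence"].append(path)
        elif op in ("TCP Connect", "TCP Send", "UDP Send"):
            # Path is "src:port -> dst:port"; keep the remote end.
            out["network"].append(path.split(" -> ", 1)[-1])
    return out


if __name__ == "__main__":
    result = triage(parse_procmon_csv(SAMPLE_CSV))
    for kind, items in result.items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run it twice, once on a capture taken without internet simulation and once with FakeNet-NG or INetSim answering: the `network` list shows whether the sample only resolves and connects when something answers, and the `children` list names the payload to follow up on. In the Procmon UI the same view is the filter `Process Name is putty.exe` plus `Operation is Process Create`.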
![procmon malware analysis](https://www.digitalforensics.com/blog/wp-content/uploads/2016/10/malware_dynamic_analysis_weare4n6.jpg)
Is it likely that this binary is packed? This is PuTTY, so maybe this is why this is found?

Describe the results of inspecting the IAT for this binary. There may be relevant variables named KEYTYPE and APPNAME.

Can any interesting information be extracted from the strings (for example with FLOSS)? Record and describe any strings that are potentially interesting. Describe the results of pulling the strings from this binary.

Are there any results from submitting the SHA256 hash to VirusTotal?
![procmon malware analysis](https://i.ytimg.com/vi/5W3LbTQeTCE/maxresdefault.jpg)
Output of `file` on the sample: `putty.exe: PE32 executable (GUI) Intel 80386, for MS Windows`
Potential call-out to the specified DNS record on HTTPS port 443.

Strings and imports recovered from the binary, as listed on this page (some entries are truncated in the source):

- `/msdcorelib.ex` (truncated)
- `AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup` (the per-user Startup folder, a common persistence location)
- `intrt explr`
- `http://`
- Initial detonation: Base64-encoded data from a socket on TCP 5555
- Imports: `InternetOpenW`, `InternetOpenUrlW` (wininet); `MultiByteToWideChar` (kernel32); `MessageBoxW` (user32)
- `+] what command can I run for you`
- `+] online`
- `NO SOUP FOR YOU`
- `\mscordll.` (truncated)