Transcript

// Malware Analysis Overview

Param Mehta, Cybersecurity B.S.

09 Dec 2021

Q & A

West Point

United States Army Cyber Institute

at USMA West Point

My Experience

  • Helped develop an API Malware Analyzer

  • Utilized multiple computing languages to create layers of the system (C, C++, Python, etc.)

  • Parse through JSON files to find and define Windows System Calls

  • Create Windows Rules

  • Utilize data structures for low-level memory management (Finite-state machine)

Timeline

  • Develop Dispatcher & Main()

  • Presentation

  • JSON Parser

  • Publish Research Paper

  • Malware Family Research

Malware

What is Malware?

  • Malicious software whose main intent is to attack its victim in order to damage, disrupt, or expose their data and digital privacy

Malware Attribution Process

  • Conduct research on malware family's processes and behaviors
  • Develop attribution rules via patterns of malware family
  • Engineer an API to detect malware existence via attribution rules

Methods

Process Injection (sourced from: Hosseini, Ashkan, https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process, 18 July 2017)

  - Create process (send and open)

  - Inject data (via DLL, code, process, etc.)

  - Transfer to process

  - Execute

Process Fork()

  - System call that creates a new process

  - No argument needed

  - Returns the process ID of the child process

  - After the process is created, the parent and child processes both start executing concurrently from the next instruction

Win Syslogs

Malware Rules

cat 1.json | jq '.behavior.processes[1].calls[].api' > trend.txt

"ldrloadDll"
"ntterminateprocess"
"ntreadfile"

Malware Fingerprints

My Findings

Ziyang Malware -

  • Mutex API - "Mutual Exclusion Object" Pattern
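The jq extraction above and the mutex-pattern finding can be combined into a small rule check. The following is an added example, not code from this presentation, from Apian, or from Cuckoo Sandbox: it embeds a constructed, minimal Cuckoo-style report (no real sample), reproduces the `.behavior.processes[N].calls[].api` query in Python, and evaluates hypothetical attribution rules expressed as ordered API-call subsequences (rule names, API names in the sample, and the rule contents are assumptions for illustration).

```python
import json
from typing import Dict, List

# Constructed, minimal stand-in for a Cuckoo Sandbox JSON report (not a real
# sample). Only the fields the jq query on the page touches are included:
# .behavior.processes[N].calls[].api
SAMPLE_REPORT = json.dumps({
    "behavior": {
        "processes": [
            {"pid": 100, "process_name": "analyzer.exe", "calls": []},
            {"pid": 2048, "process_name": "sample.exe", "calls": [
                {"api": "NtCreateMutant", "arguments": {"mutant_name": "Global\\demo"}},
                {"api": "LdrLoadDll", "arguments": {"module_name": "ws2_32.dll"}},
                {"api": "NtReadFile", "arguments": {}},
                {"api": "NtTerminateProcess", "arguments": {}},
            ]},
        ]
    }
})

# Hypothetical attribution rules: rule name -> ordered API subsequence it needs.
# Names are compared case-insensitively because Cuckoo reports mix casing
# ("ldrloadDll" vs "LdrLoadDll").
RULES: Dict[str, List[str]] = {
    "mutex_pattern": ["ntcreatemutant"],
    "load_read_terminate": ["ldrloaddll", "ntreadfile", "ntterminateprocess"],
}

def api_sequence(report_json: str, process_index: int) -> List[str]:
    """Python equivalent of: jq '.behavior.processes[N].calls[].api'."""
    report = json.loads(report_json)
    process = report["behavior"]["processes"][process_index]
    return [call["api"].lower() for call in process.get("calls", [])]

def is_subsequence(pattern: List[str], calls: List[str]) -> bool:
    """True if every API in pattern occurs in calls in that relative order;
    unrelated calls may appear in between."""
    pos = 0
    for api in calls:
        if pos < len(pattern) and api == pattern[pos]:
            pos += 1
    return pos == len(pattern)

def match_rules(report_json: str, process_index: int) -> List[str]:
    """Names of all rules whose pattern the process's call trace satisfies."""
    calls = api_sequence(report_json, process_index)
    return [name for name, pattern in RULES.items() if is_subsequence(pattern, calls)]
```

Order matters in these rules: a trace that reads the file before loading the DLL does not satisfy `load_read_terminate`, which is what keeps a subsequence rule tighter than a plain set-membership check.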

Challenges

  • Knowledge Gaps

  • Data Integrity

  • Time Management

Milestones

  • Initial Research Preparation: August 2021

  • Research Proposal: September 2021

  • Malware Family Analysis: November 2021

  • Malware Family Analysis Continuation: December 2021 - April 2022

  • Malware Family Rules Blueprints: January 2022 - April 2022

  • Completion of Documentation: NLT April 2022

  • Conclusion of Research: NLT May 2022

Q & A

Resources

  • Cuckoo Sandbox
  • Apian - Rules Engine for API Events
  • Army Cyber Institute at The United States Military Academy (West Point)
  • MAJ Adam Duby, Department of Electrical Engineering and Computer Science, US Military Academy
  • MAJ John Rollinson, ACI Research Scientist, US Military Academy
  • Microsoft Windows Documentation

www.paramehta.com
