Monitoring File System Activities

What is Dynamic Analysis?

Dynamic analysis involves executing a program (in this case, malware) in a controlled environment to observe its behavior in real-time. This approach helps identify the actions taken by the malware, such as

  • Process creation
  • File creation, modification, deletion
  • Network communication
  • Registry changes

Why Use Dynamic Analysis?

Dynamic analysis is crucial because it allows us to:

  • Understand Malware Behavior: By observing the actions of malware in real-time, analysts can understand how it operates and spreads.
  • Identify Malicious Activities: Dynamic analysis helps in pinpointing specific activities such as file operations, registry changes, and network communications.
  • Develop Mitigation Strategies: Understanding the behavior of malware aids in developing effective mitigation and remediation strategies.

Analyzing Malware File Activity

Imagine your company’s development team has inadvertently integrated a counterfeit PixiJS library into their project. This fraudulent library is a potential carrier of the GOOTLOADER malware, known for being deployed by the threat group UNC2565. Your task is to analyze the malicious behavior embedded in this fake library, assess the potential damage, and take necessary mitigation steps. By using ProcMon, you can track the file system activities to pinpoint the exact files and processes involved.
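To show what triaging ProcMon output looks like for the scenario above, here is an added Python example (not part of this lab's material): it parses a ProcMon CSV export, keeps the successful file-system operations of one process, and buckets the touched paths into created, modified and deleted. The column layout follows ProcMon's default CSV export; the process name, PIDs, paths and registry key in the sample log are constructed for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed ProcMon CSV export (default column layout of File > Save as CSV).
# Process, paths and the Run key below are made up for this example.
SAMPLE_CSV = """Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.100,wscript.exe,4120,CreateFile,C:\\Users\\dev\\project\\node_modules\\pixi.js\\loader.js,SUCCESS,"Desired Access: Generic Read, Disposition: Open"
10:01:02.130,wscript.exe,4120,CreateFile,C:\\Users\\dev\\AppData\\Roaming\\Adobe\\update.js,SUCCESS,"Desired Access: Generic Write, Disposition: OverwriteIf"
10:01:02.131,wscript.exe,4120,WriteFile,C:\\Users\\dev\\AppData\\Roaming\\Adobe\\update.js,SUCCESS,"Offset: 0, Length: 4,096"
10:01:02.200,wscript.exe,4120,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Adobe,SUCCESS,"Type: REG_SZ, Length: 120"
10:01:02.250,wscript.exe,4120,SetDispositionInformationFile,C:\\Users\\dev\\AppData\\Local\\Temp\\stage1.tmp,SUCCESS,Delete: True
10:01:03.000,explorer.exe,1280,CreateFile,C:\\Windows\\System32\\shell32.dll,SUCCESS,"Desired Access: Generic Read, Disposition: Open"
10:01:03.010,wscript.exe,4120,CreateFile,C:\\Windows\\System32\\drivers\\etc\\hosts,ACCESS DENIED,"Desired Access: Generic Write, Disposition: OverwriteIf"
"""

# The three ProcMon operations that matter for create / modify / delete triage.
FILE_OPS = {"CreateFile", "WriteFile", "SetDispositionInformationFile"}


def classify(row):
    """Map one ProcMon row to 'created', 'modified', 'deleted' or None."""
    op, detail = row["Operation"], row["Detail"]
    if op == "SetDispositionInformationFile" and "Delete: True" in detail:
        return "deleted"          # delete-on-close was set on the handle
    if op == "WriteFile":
        return "modified"
    # CreateFile with write access and a non-Open disposition creates/truncates a file;
    # plain "Disposition: Open" reads an existing one and is ignored here.
    if op == "CreateFile" and "Generic Write" in detail and "Disposition: Open" not in detail:
        return "created"
    return None


def summarize_file_activity(csv_text, process_name):
    """Return {category: sorted paths} for successful file ops by process_name."""
    summary = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        # Failed attempts (e.g. ACCESS DENIED) are worth noting but are not file changes.
        if row["Operation"] not in FILE_OPS or row["Result"] != "SUCCESS":
            continue
        category = classify(row)
        if category:
            summary[category].add(row["Path"])
    return {k: sorted(v) for k, v in summary.items()}


if __name__ == "__main__":
    for category, paths in summarize_file_activity(SAMPLE_CSV, "wscript.exe").items():
        print(category, paths)
```

In a real lab, filter the trace in ProcMon to the suspicious process first, export it as CSV, and point the function at that file instead of the embedded sample.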

Let's walk through the steps to monitor and analyze file system activities using ProcMon:

What is ProcMon?

ProcMon is
