Tag feed

#malware-analysis

103 posts49 followers

RRridesh raju bijwerideshcyber.hashnode.dev

SOC164 - Suspicious Mshta Behavior Walkthrough (EventID:114)

Today we’re investigating another LetsDefend alert: SOC164 – Suspicious Mshta Behavior This alert focuses on detecting suspicious usage of a legitimate Windows binary often abused by attackers. 🔎 Alert Overview From the monitoring page, we are pro...

6d ago3 min read

RRridesh raju bijwerideshcyber.hashnode.dev

⭐SOC282 – Phishing Alert: Deceptive Mail Detected Walkthrough (EventID:257)

Today we’re investigating another LetsDefend alert: SOC282 – Phishing Alert: Deceptive Mail Detected This alert focuses on identifying whether a suspicious email is malicious and determining the appropriate response actions. 🔎 Alert Overview From ...

Feb 173 min read

HKHarsha Kamakshigaribeyond-the-firewall.hashnode.dev

Bin 0x01: Antivirus Scanning and Malware Fingerprints

Introduction Ever wondered how antivirus software acts like a vigilant bouncer at a club, spotting troublemakers before they crash the party? Or how cybersecurity pros play detective, tracking elusive malware across the internet like fingerprints at ...

Feb 56 min read

RRridesh raju bijwerideshcyber.hashnode.dev

⭐ SOC146 – Phishing Mail Detected (Excel 4.0 Macros)[Event ID: 93]

Today, we are going to re-investigate SOC146 – Phishing Mail Detected (Excel 4.0 Macros).This alert is particularly interesting because I had investigated it almost a year ago, and revisiting it now helps reinforce how phishing investigations evolve ...

Feb 54 min read

VNVũ Nhật Lâmblog.fiscybersec.com

Cảnh Báo Khẩn: Nhóm KONNI tung chiến dịch tấn công mới nhắm vào nhà phát triển và hạ tầng blockchain

Tổng quan CPR ghi nhận một chiến dịch phishing mới do KONNI – nhóm APT hoạt động từ ít nhất 2014 – đang thực hiện. Nhóm này vốn nổi tiếng với các hoạt động gián điệp nhắm vào Hàn Quốc, tập trung vào cộng đồng ngoại giao, quan hệ quốc tế, tổ chức phi ...

Feb 37 min read

RRridesh raju bijwerideshcyber.hashnode.dev

SOC138 – Detected Suspicious XLS File | SOC Alert Walkthrough

In this blog, I will walk through the investigation of SOC138 – Detected Suspicious XLS File, performed on the Letsdefend.io platform. The objective of this analysis is to identify whether the detected file is malicious, determine host impact, and va...

Feb 23 min read

UBUmamaheswari Bsoc-analyst101.hashnode.dev

Malware Analysis | Home Lab

Environment Preparation (Before Execution) Before analyzing or executing the sample, a controlled virtual environment was prepared to prevent accidental data exposure or system compromise. Virtual Machine: Flare-VM No personal files, credentials, o...

Feb 17 min read

RRridesh raju bijwerideshcyber.hashnode.dev

🚨SOC202-FakeGPT Malicious Chrome Extension

Alert Investigation Walkthrough (LetsDefend.io) Today, I’m going to walk through my investigation of the SOC202 – FakeGPT Malicious Chrome Extension alert from LetsDefend.io. This write-up documents my step-by-step thought process as a SOC analyst, a...

Feb 14 min read

MAMarcos Alvaresm.alvar.es

[Anti-Analysis] Watching Memory Regions using GetWriteWatch API

I have been exploring some anti-debug techniques listed in the CheckPoint Anti-Debug Knowledge Base. This one really caught my attention. It uses the Kernel32.GetWriteWatch API to detect changes to a

Jan 261 min read

RRridesh raju bijwedynamic-malware-analysis-in-a-lab.hashnode.dev

Dynamic Malware Analysis: Observing Real-Time Malicious Behavior in a Controlled Lab

Introduction Static malware analysis helps us understand what a file contains, but dynamic malware analysis shows us what the malware actually does when executed. In this blog, I document a dynamic malware analysis performed on the same malware sampl...

Jan 254 min read

Search Hashnode

#malware-analysis

SOC164 - Suspicious Mshta Behavior Walkthrough (EventID:114)

⭐SOC282 – Phishing Alert: Deceptive Mail Detected Walkthrough (EventID:257)

Bin 0x01: Antivirus Scanning and Malware Fingerprints

⭐ SOC146 – Phishing Mail Detected (Excel 4.0 Macros)[Event ID: 93]

Cảnh Báo Khẩn: Nhóm KONNI tung chiến dịch tấn công mới nhắm vào nhà phát triển và hạ tầng blockchain

SOC138 – Detected Suspicious XLS File | SOC Alert Walkthrough

Malware Analysis | Home Lab

🚨SOC202-FakeGPT Malicious Chrome Extension

[Anti-Analysis] Watching Memory Regions using GetWriteWatch API

Dynamic Malware Analysis: Observing Real-Time Malicious Behavior in a Controlled Lab