The steadily increasing amount of malware puts an even larger amount of work required to analyze all the gathered samples. The current methods of analyzing malware come with their downsides such as inefficiency as a manual analysis requires a human or dynamic analysis that could be considered unreliable. The usage of dynamic malware analysis where the malware is executed in a sandbox environment is proven to be an efficient method of analyzing malware. As the techniques used to protect the system evolves, so do the attacking techniques. Some of the malware uses advanced evasion techniques to avoid detection from these sandbox analyzing environments, which causes the malware to be cleared and later executed in a real, target environment. These evasion techniques can find certain artifacts in the system which is inherent to a sandbox environment. Previous studies mention the lack of transparency between the virtual and physical host to be one of the bigger giveaways for the malware when looking for artifacts. There is also a grey area regarding how the malware acts and behaves, trying to assess and figure out if it is in a sandbox or not. This paper focused on creating a sandboxing analyzing environment within a physical machine, using all the dead giveaways by keeping the system as minimal as possible with only analyzing tools and software, in other words creating a fake sandbox environment. 12 samples of malware were analyzed in the two environments and the results show that the malware interacts more within the physical system and uses different APIs, System calls, and dlls compared to the virtual system. The malware samples, after its running process, resulted in similar activities on both systems which indicated that mimicking a sandbox could be effective to deter evasive malware.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:his-22020 |
Date | January 2022 |
Creators | Lindorin, Axel |
Publisher | Högskolan i Skövde, Institutionen för informationsteknologi |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0017 seconds