In-depth Malware Behaviour Analysis: Network and Registry Changes in an Isolated Windows Environment

International Journal of Electronics and Communication Engineering
© 2024 by SSRG - IJECE Journal
Volume 11 Issue 12
Year of Publication: 2024
Authors : Abdullahi Mohamud Osoble, Adam Muhudin, Yahye Abukar Ahmed, Osman Diriye Hussein, Abdirahman Abdullahi Omar
How to Cite?

Abdullahi Mohamud Osoble, Adam Muhudin, Yahye Abukar Ahmed, Osman Diriye Hussein, Abdirahman Abdullahi Omar, "In-depth Malware Behaviour Analysis: Network and Registry Changes in an Isolated Windows Environment," SSRG International Journal of Electronics and Communication Engineering, vol. 11,  no. 12, pp. 12-19, 2024. Crossref, https://doi.org/10.14445/23488549/IJECE-V11I12P102

Abstract:

This paper analyzes a malware sample, samples.exe, and its impact on a Windows 10 virtual machine. The analysis uses Process Monitor (ProcMon) and Regshot as its main tools for observing and documenting malware behavior: ProcMon records real-time events such as registry manipulations and DNS configuration changes, while Regshot captures and compares pre- and post-infection registry states. Because these tools record every step of the malware's operation, several clear changes to the system registry and network settings were observed. Key findings: the malware changes the system's DNS settings, which can redirect traffic to malicious websites, and it turns off Windows Defender's real-time protection, a common practice in this kind of malware for evading detection and ensuring persistence. Further modifications to registry locations related to Windows Error Reporting and Group Policy suggest a broader plan to undermine system policies and hide within them. These steps show how strategically designed malware can threaten system stability and network integrity by severely compromising its security. The research therefore underscores the urgent need for capable detection mechanisms and proactive security measures against this ever-emerging threat in modern computing environments.
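The Regshot step above (snapshot the registry before and after execution, then compare) can be reproduced in a few lines and extended with a watchlist that triages exactly the change classes the abstract reports. The following is an added example, not code from the paper; the snapshots are constructed dictionaries, the registry paths are well-known Windows locations, and the interface GUID, the `ExamplePolicy` value name and the `192.0.2.53` address are placeholders.

```python
"""Regshot-style registry diff with defender-side triage of the change classes
reported in the abstract (DNS, Defender real-time protection, WER, Group Policy)."""

# Key prefixes worth flagging in a before/after diff. Paths are standard Windows
# locations; the mapping itself is an assumption of this example.
WATCHLIST = {
    r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces": "dns-tamper",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection": "defender-disable",
    r"HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting": "wer-tamper",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows": "policy-tamper",
}

def diff_snapshots(before, after):
    """Like Regshot's compare: values added, deleted, and modified (old, new)."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    deleted = {k: before[k] for k in before.keys() - after.keys()}
    modified = {k: (before[k], after[k]) for k in before.keys() & after.keys()
                if before[k] != after[k]}
    return added, deleted, modified

def classify(path):
    """Longest watchlist prefix matching on a key boundary, else None."""
    best = None
    for prefix, tag in WATCHLIST.items():
        if path.startswith(prefix + "\\") and (best is None or len(prefix) > len(best[0])):
            best = (prefix, tag)
    return best[1] if best else None

def triage(before, after):
    """Return (tag, path, old, new) for every watched change; unrelated noise is dropped."""
    added, deleted, modified = diff_snapshots(before, after)
    changes = [(p, None, v) for p, v in added.items()]
    changes += [(p, v, None) for p, v in deleted.items()]
    changes += [(p, o, n) for p, (o, n) in modified.items()]
    findings = [(classify(p), p, o, n) for p, o, n in changes if classify(p)]
    return sorted(findings, key=lambda f: (f[0], f[1]))

# Constructed snapshots: interface GUID, policy value name and address are placeholders.
IFACE = r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-1111-2222-3333-444444444444}"
BEFORE = {IFACE + r"\NameServer": "", IFACE + r"\EnableDHCP": 1,
          r"HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled": 0,
          r"HKCU\Software\Example\Unrelated": "x"}
AFTER = {IFACE + r"\NameServer": "192.0.2.53", IFACE + r"\EnableDHCP": 1,
         r"HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled": 1,
         r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring": 1,
         r"HKLM\SOFTWARE\Policies\Microsoft\Windows\System\ExamplePolicy": 1,
         r"HKCU\Software\Example\Unrelated": "y"}

if __name__ == "__main__":
    for tag, path, old, new in triage(BEFORE, AFTER):
        print(f"[{tag}] {path}: {old!r} -> {new!r}")
```

Running it prints four findings (DNS server set, Defender real-time monitoring disabled, WER disabled, a policy key added) and suppresses the unrelated HKCU change, which is the filtering a manual Regshot comparison forces an analyst to do by eye.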

Keywords:

Malware analysis, Registry modifications, DNS settings, ProcMon, Regshot.
